WIN32 generic host and can't access MS update

Greeting and I hope you can help me resolve issues with a relatives computer. Dell insprion 9300 - She is getting the win32 generic host errors - also the MS update function throws cannot access webpage screen. I used to have Internet security by occillin - then changed to WS secuirty essentials - ran MalwareBytes 2 times Xoftspyse 2 times the superAntispy free addition.. still the errors continue. I was getting survey page hijack but I think I resolved it by updating Java. At thus point my toolbag is empty! :-(

Here is DDS Log contents

DDS (Ver_10-10-10.03) - NTFSx86
Run by Peggy at 10:39:22.98 on Wed 10/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.401 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.drudgereport.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-9 136176]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2010-9-29 582424]

=============== Created Last 30 ================

2010-10-20 12:47:07 -------- d-----w- c:\docume~1\peggy\applic~1\SUPERAntiSpyware.com
2010-10-20 12:47:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-20 12:46:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-20 12:44:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-20 12:44:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 16:50:28 -------- d-----w- c:\windows\Downloaded Program Files
2010-10-19 15:35:46 -------- d-----w- c:\docume~1\peggy\applic~1\Malwarebytes
2010-10-19 15:35:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 15:35:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 15:35:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-19 15:35:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 13:54:25 -------- d-----w- C:\suspicious_files_from_user
2010-10-19 13:12:09 -------- d-----w- c:\program files\common files\XoftSpySE
2010-10-19 13:12:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE
2010-10-19 13:12:04 -------- d-----w- c:\program files\XoftSpySE6
2010-10-19 12:18:20 -------- d-----w- c:\docume~1\peggy\applic~1\DriverCure
2010-10-19 12:18:19 -------- d-----w- c:\docume~1\peggy\applic~1\ParetoLogic
2010-10-19 12:18:08 -------- d-----w- c:\program files\common files\ParetoLogic
2010-10-19 12:18:03 -------- d-----w- c:\program files\ParetoLogic
2010-10-19 12:18:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-10-18 20:08:30 -------- d-----w- c:\docume~1\peggy\applic~1\ElevatedDiagnostics
2010-10-18 18:27:59 9728 ------w- c:\windows\system32\rwnh.dll
2010-10-18 18:27:59 10752 ------w- c:\windows\system32\smtpapi.dll
2010-10-18 18:27:57 81920 ------w- c:\windows\system32\ieencode.dll
2010-10-18 18:27:57 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2010-10-18 18:27:56 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
2010-10-18 18:27:53 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2010-10-18 18:27:51 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll
2010-10-18 18:27:50 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
2010-10-18 18:27:50 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
2010-10-18 18:27:50 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2010-10-18 18:27:13 19569 ----a-w- c:\windows\000001_.tmp
2010-10-18 18:15:10 -------- d-----w- C:\8c21c67b621f1059f6c6761503
2010-10-18 17:49:06 -------- d-----w- C:\8b1ce74bfba40304c373ea52
2010-10-18 17:47:59 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2010-10-18 17:45:22 -------- d--h--w- c:\windows\msdownld.tmp
2010-10-18 17:45:02 -------- d-----w- c:\windows\Logs
2010-10-18 16:02:13 6084944 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{220d81da-0021-4e4c-89e0-f001cfa9828d}\mpengine.dll
2010-10-18 15:53:17 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-10-18 15:45:50 -------- d-----w- C:\011b28915347fe7552ea
2010-10-18 15:13:45 -------- d-----w- c:\windows\system32\CatRoot2
2010-10-18 14:16:17 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
2010-10-18 14:16:14 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
2010-10-18 14:16:12 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys
2010-10-18 14:16:05 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
2010-10-18 14:16:04 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys
2010-10-18 14:16:02 322432 ----a-w- c:\windows\system32\dllcache\g400m.sys
2010-10-18 14:14:59 57856 ----a-w- c:\windows\system32\dllcache\esuimgd.dll
2010-10-18 14:13:59 69692 ----a-w- c:\windows\system32\dllcache\el575nd5.sys
2010-10-18 14:12:59 419357 ----a-w- c:\windows\system32\dllcache\dgconfig.dll
2010-10-18 14:11:56 39936 ----a-w- c:\windows\system32\dllcache\cnxt1803.sys
2010-10-18 14:10:30 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-10-18 14:09:59 37568 ----a-w- c:\windows\system32\dllcache\avmwan.sys
2010-10-18 14:08:48 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2010-10-18 14:08:37 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-10-18 14:08:24 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-10-18 14:08:24 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-10-18 14:08:23 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2010-10-18 14:08:22 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-10-18 14:08:22 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2010-10-18 14:08:21 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-10-16 20:34:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-16 20:34:25 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-14 10:44:02 0 ----a-w- c:\windows\system32\lspA8.tmp
2010-10-09 14:56:58 -------- d-----w- c:\docume~1\peggy\locals~1\applic~1\Mozilla
2010-10-09 14:52:26 -------- d-----w- c:\program files\Mozilla Firefox(2)
2010-09-23 06:29:32 -------- d-----w- c:\windows\system32\Service

==================== Find3M ====================

2010-09-16 21:59:35 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-16 21:59:34 56 --sh--r- c:\windows\system32\A343378237.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 10:41:25.82 ===============

And as you can see I type lousey!

Edited by hamluis, 20 October 2010 - 02:51 PM.

Hello Hank Knowles ,



Download TDSSKiller.zip

• Extract it to your desktop
• Double click TDSSKiller.exe
• Press Start Scan
  
  • If Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
• Copy and paste the log in your next reply
  
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea

Hello Hank Knowles ,



Download TDSSKiller.zip

• Extract it to your desktop
• Double click TDSSKiller.exe
• Press Start Scan
  
  • If Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
• Copy and paste the log in your next reply
  
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea

Hi Tea here is the logfile

Thanks I ran the utility it found 1 rootkit and I selected cure attached

Hello,

Excellent.....that rootkit wreaks havoc, doesn't it. How is it running now please? It *should* be much better. Have a run with MBAM and let me know if it reports anything. Also, please see if you can get your MS updates now.

Thanks,
tea

Hello,

Excellent.....that rootkit wreaks havoc, doesn't it. How is it running now please? It *should* be much better. Have a run with MBAM and let me know if it reports anything. Also, please see if you can get your MS updates now.

Thanks,
tea

Hi Tea:

Yes it is a devilish bug and after it cleared it out the ms update started working ran all the scans and all came back clean.
It a shame that Internet Security from PC-Cillin allowed that on the PC. But all is well and learned a bunch on this one.

Sad to say I was the Desktop specialist when I was employed by big blue. Been away from broken pc's for too long. Luckily the systems I support can't get infected!

Cheers thank you so much for your time and advice!

Regards,

Hank Knowles

You're most welcome, Hank.

tea

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.