Internet not running properly/Generic Host Process error message rec'd

My internet is slow at times and won't open at all other times. When searching for websites often different ones appear than the one I clicked on. Keep receiving the Generic host process error. Tried to run a fix with Microsoft website but computer gives me an error message when I try to download it. Scans with Malwarebytes Anti-Malware returns no infected files. Ran OTL but unable to copy & paste entire OTL & Extras notepad contents (over the character limit). How should I get that data to you?

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

ComboFix 11-02-07.01 - William Peterson 02/07/2011 21:23:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1569 [GMT -6:00]
Running from: c:\documents and settings\William Peterson\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\William Peterson\Application Data\completescan
c:\documents and settings\William Peterson\Application Data\install
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\bszip.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-02-08 03:23 . 2011-02-08 03:23 -------- d-----w- c:\windows\LastGood

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2011-01-03 00:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2011-01-03 00:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iYogi Support Dock"="c:\program files\iYogi Support Dock\iYogiSupportDock.exe" [2010-12-09 1418480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^William Peterson^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\William Peterson\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-02-01 22:45 98304 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
2006-04-12 01:39 176201 ----a-w- c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-25 00:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145367420\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145367420\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 iYogiURLHit.exe;iYogi Hit Agent;c:\program files\iYogi Support Dock\Services\URLHit\iYogiURLHit.exe [12/3/2010 3:59 AM 17408]
R2 SupportDockClientService.exe;iYogi Communication Agent;c:\program files\iYogi Support Dock\Services\CommAgent\SupportDockClientService.exe [12/7/2010 8:02 AM 55296]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 4:30 PM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 4:30 PM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 4:30 PM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 4:30 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 4:30 PM 262215]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 8:11 PM 135664]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [7/8/2007 7:00 PM 22136]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-07 21:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-07 21:38:42
ComboFix-quarantined-files.txt 2011-02-08 03:38

Pre-Run: 56,474,484,736 bytes free
Post-Run: 57,176,514,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - AA0E8FABE19C59CA46C614DBA76C68FF

Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  
• Copy and paste the entire report in your next reply.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5717

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

2/8/2011 7:29:42 PM
mbam-log-2011-02-08 (19-29-42).txt

Scan type: Quick scan
Objects scanned: 172927
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

• Close ALL OTHER PROGRAMS.
  
• Double-click on OTS to start the program (if you are running on Vista then right-click the program and
  choose Run as Administrator).
  
• At the top, tick on Scan All Users section and Include MD5.
  
• At File Age set it to 90 Days
  
• In the Processes, Modules, Services, Drivers, and Registry
  section, please set on Safe List.
  
• In the Files Created Within and Files Modified Within section, set it to File Age
  
• At the bottom, tick on all Safe List and Use Company Name WhiteList option
  
• Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
  Reg - Disabled MS Config Items
  Reg - Drivers32
  Reg - Ext
  Reg - IE
  Explorer Bar
  Reg - NetSvcs
  Reg - Safeboot Minimal
  Reg - Safeboot Network
  File - Lop Check
  File - Purity Scan
• Do NOT change any other settings.
  
• Then, in the Custom Scans box, place this in:
  
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\*.exe /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\System32\*.sys
  %systemroot%\System32\drivers\*.dll
  %systemroot%\System32\drivers\*.ini
  %systemroot%\System32\drivers\*.exe
  %SYSTEMDRIVE%\*.*
  %PROGRAMFILES%\*.
  %appdata%\*.*
  
  
• Now click the Run Scan button on the toolbar.
  
• Let it run unhindered until it finishes.
  
• When the scan is complete Notepad will open with the report file loaded in it.
  
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

When I click on the link for OTS, my open internet windows all close and I am not able to even save the program. I ran Malware again and below are the results:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5717

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

2/9/2011 1:31:11 PM
mbam-log-2011-02-09 (13-31-11).txt

Scan type: Quick scan
Objects scanned: 173207
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\william peterson\local settings\temporary internet files\Content.IE5\P2XQFOQ1\OTS[1].exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\documents and settings\william peterson\local settings\temporary internet files\Content.IE5\QDT81OBE\OTS[1].exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

Still unable to run OTS.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=a22730d6c534444db61464f2edb95809
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-16 03:51:49
# local_time=2011-02-15 09:51:49 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777179 100 0 158663031 158663031 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=99585
# found=6
# cleaned=6
# scan_time=6440
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\William Peterson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cwcshoaseqkz.jar-7910cbb4-3b01c820.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\William Peterson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\d02a0679e1e.jar-5cb36c60-70254192.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\William Peterson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\etknxldrcnyl.jar-193db890-19c682e2.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1773\A0124838.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\12543.js JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

Seems there are no other issues. Thank you for your help.

Had a problem:

•Cleaned System Restore - COMPLETE
•Ran OTC - UNABLE TO RUN - Internet shuts down when I click on the link
•Ran TFC - DIDN'T ATTEMPT AFTER OTC ISSUE
•Ran Security Check - DIDN'T ATTEMPT AFTER OTC ISSUE

Try this one instead:

http://www.itxassociates.com/OT-Tools/OTC.exe

I have the same problem with this as well. As soon as I click on the link, my internet shuts down.

Does it seem like something is blocking it, like antivirus or fake antivirus?

It seems that way, although there is no message indicating that. When I click on the link, the window asking me to run or save the program pops up, but before I can click on anything it all shuts down.

What antivirus is running?

Trend Micro PC-cillin Internet Security 12

One more question..even when the internet security is disabled, it still gets blocked?

I uninstalled the the anti virus and still cannot run either program.

Hi,

DragonMaster Jay is not available for the next several days and has asked us to take over.....

Please read carefully and let me know if you have any questions.

Create a batch file:

Note: You will need to save any work before double clicking the fix.bat file because it will automatically restart your computer

• Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
  

  Code:

  @echo off
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 10
del /f /q %0
  
  
• Once you've done that click on File and select Save As...
  
• In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  
• Name the file fix.bat (the .bat extension is very important)
  
• Save the file to your desktop and double click it to run it.
  
• Once it runs it will automatically restart your computer
  
• Once your computer boots again, check to see if your internet has improved or any shut downs?
  

I ran fix.bat, restarted the computer, then tried to run OTC.exe and had the same problem. Internet immediately shuts down. What does this program do?

OTC.exe removes the tools that was used. Lets do this:

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  
  
• Please follow the prompts to uninstall Combofix.
  
• You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
  

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Combofix uninstall is complete. What should I do next?

Your good to go speterson, unless your having any other issues with this PC?

I think it is okay now. Thank you!