Generic Host Process for System32 Services

[imakraayz1]

Hello,
Hoping for some assistance. On Monday morning, I was getting updates for a friend's laptop. At the same time, I was on my desktop going through emails, surfing etc. Both systems were using ethernet cables, plugged into a wireless router. Closed internet explorer and just happened to notice the norton security icon was missing in the bottom tray. Not even sure when that happened. Went to my desktop and clicked on the Norton icon and computer froze up. Shutdown desktop computer and waited for laptop to finish updates. Removed laptop from router. Rebooted. Tried using "Live Update" for Norton and said it was not able to update and would need to reboot system. Rebooted and wasn't able to get online. Was able to get into safe mode and I deleted Norton. Long story short, ended up with "Generic Host Process for Win32 Services" error. Found your site and performed the Read and Run me first process.

Just a couple of issues with running the process and they are as follows:
1) After running SuperAntispyware, I rebooted as directed and got a blue screen. Technical Info: Stop:0x0008086(0x00000000,0x0000000,0x00000000,0x0000000)
Reset tower and at startup it said computer had recovered from a serious error. I hit the send error and it sent me to microsoft windows error reporting site. Said My RAID controller was missing a driver. Didn't download. I just continued on to the next step.
2) When preparing to run Combofix, after disabling Avast antivirus, I tried running Combofix and it said that Norton antivirus was still enabled and to disable it before continuing. Did a search and did not find Norton anywhere. Clicked Ok and Combofix said Norton was still enabled, but would go ahead and run.

After performing the scans, I rebooted and still have the Generic Host Process Error.

Here are the logs and thanks in advance for any help!

[imakraayz1]

Final log for MGtools!

[dr.moriarty]

Welcome to MajorGeeks, imakraayz1.

I am reviewing your logs and will get back to you with instructions as needed. Please be patient!

*Our queue is working the oldest threads first.

dr.m

[dr.moriarty]

Hello, imakraayz1

*Please move C:\Documents and Settings\MIKE\desktop\mb.exe to its own folder in your "Downloads" folder.

Step 1:
Please look in Add/Remove Programs (Programs and Features if using Vista or Windows 7) for the following and uninstall if found. If you get any errors just make a note and continue on.

Quote:

My Way Search Assistant

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Step 2:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

Quote:

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)

After clicking Fix, exit HJT.

Step 3:
Now we need to use ComboFix.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text inside of the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Quote:

KILLALL::

SecCenter::
{E10A9785-9598-4754-B552-92431C1C35F8}

File::
C:\avg7db_f(2).dat
C:\WINDOWS\SYSTEM32\atmfd(3).dll
C:\WINDOWS\SYSTEM32\jsproxy(3).dll
c:\windows\system32\urlmon(3).dll
c:\windows\system32\wininet(3).dll

Registry::
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  If it asks you to overide the previous file with the same name, click YES.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.

Step 4:
I don't see where this folder is needed. Use Windows Explorer to delete it if you agree.
C:\Documents and Settings\MIKE\Local Settings\Application Data\Symantec
*Also delete this folder if still present:
c:\program files\perfect optimizer

Step5 :
Now locate the C:\MGtools\RemMWS.bat file and double-click on it.


Step 6:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Step 7:
Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

Please attach the new C:\MGlogs.zip file to your next reply.

* Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

dr.m

[imakraayz1]

Hello Dr. Moriarty,

Thanks so much for the quick response.

I moved the mb.exe to it's own folder in "downloads" folder.

Step 1:Did not find My Way Search Assistant in Add/Remove Programs.

Step 2:Performed and Clicked Fix.

Step 3:Used ComboFix. It is still telling me that the real time scanner to be active: Antivirus: Norton Security Suite. It took 3 times for me to drag the CFscript.txt. on top of the ComboFix before it disappeared. ComboFix ran and created a log.

Step 4:Deleted first requested folder and did not find the second.

All other steps competed.

Rebooted and Generic Host for Win32 Services still popping up. Still having issues with Internet Explorer. Click on desktop icon and it opens up and then closes w/out doing anything. Every time I reboot, I get an update ready to install for Adobe 9. I click on the icon in the tray and it starts to download only to stop and say "Fatal Error" Have tried to remove program altogether, but does not let me. Have lost sound when on the internet. (Note: I am able to use the internet using Google Chrome, with no real issues.) Seems rather petty, compared to some issues I've seen on some forums, but the help is most appreciated!!

Attaching new MGlogs.zip file and Combofix file (?)

[dr.moriarty]

Please download and run the below > re-boot > run it again.
Norton Removal Tool (SymNRT) 2009.0.5.26


Then open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Have you worked through the Microsoft links dealing with Internet Explorer issues in the Step 1: Getting Started section of the READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker) ?

*After doing that, repeat the instructions I gave in my post #4... beginning with Step: 2 (skip Step: 5)

Please attach the new C:\MGlogs.zip file to your next reply.

[imakraayz1]

Dr. Moriarty,

Downloaded Norton Removal Tool and ran it >rebooted >and ran again.

Ran CC Cleaner as instructed.

Worked through Microsoft links and got Internet Explorer going. (Thanks!!)

Repeated instructions from post 4...beginning with Step 2.

Step 2: Did not find the 2 lines from before, so moved on.

Step 3: Ran Combofix after reinstalling. Quick question, When I drag the CFscript over the ComboFix.exe, should it disappear?........No Norton antivirus alarm when it started up!! Ran..and it automatically rebooted computer before creating logfile. It also uploaded some malware for further review??? The reboot and upload was different from any other time.

Ran the rest of the steps with no issues.

Rebooted system and still have Generic host process for system32 error at startup. Do not have any sound on internet, (Rhapsody, Youtube, etc.). Have noticed the system has glitches every once in a while, where it appears to go from normal to safe and then back to normal.

Attaching requested log and combofix log. Thanks!!

[dr.moriarty]

You're welcome.

Let's se what these tools will reveal -

Run MBRCheck/ESET Online Scanner

Please download MBRCheck to your desktop

• Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
• Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

Then run this online scanner and attach the resulting ESETScan.txt:
Using ESET's Online Scanner

[imakraayz1]

Dr. Moriarty,

Here are the requested logs!!

[dr.moriarty]

Any problems that remain are not malware related, imakraayz1. I suggest that you create a new thread in our Software forum for help diagnosing your problems.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work through the below link:
    • How to Protect yourself from malware!

Safe surfing!

[imakraayz1]

Dr. Moriarty,
Thanks for your help!!! I appreciate your time!!

[dr.moriarty]

You're quite welcome!

dr.m