Malware Removal 4-8-11

Problems:

Started last December or earlier
Recieved an alert

"Generic Host Process for Win 32 Services has encountered a problem and needs to close..." This would happen in nearly half of my user sessions.​

sometimes programs would not open -- often I could use the computer for an hour or so, then this behavior would start.
often the computer would hang when shutting down, especially on

"Saving your settings...​

Yesterday I went through the malware removal process described in the Forum. The only exception was that I couldn't get RootRepeal to run. I got the window

"Initializing, please wait"​

and waited several times for more than half-an-hour. This morning I started again at that point, downloading a new RootRepeal exe. No programs were running; Avast was turned off. MB protection was off. Disabled internet connections. Task Manager showed it not responding. Tried repeatedly. Then went on to MGLogs.

I did notice different behavior while shutting down once this morning. Windows installed 21 updates. Then on start-up, instead of a long-lasting black screen before the Windows XP logo followed by the password window, there was a quick blue window with immediate Windows XP logo followed by the password window. That looked like the good XP blue background. The lack of delay on a black screen seemed healthier.

The system might be okay now. The previous error was so erratic, sometimes it would be a couple of hours before it would manifest, or not at all -- so it's hard for me to tell. Still, I'm concerned about being unable to run RootRepeal.

Thank you so much for your help! :cool

 

After an hour or so of use, the system seems okay. Previously, Avast would frequently block an outgoing connection, which it has not been doing. No Win 32 Services message. Programs open okay. Shuts down and restarts okay, though I'll try that again now. Only did it once since posting.

Now that I have so many choices, on a continuing basis should I run Avast, Malwarebytes, or Super-anti-spyware? I have the free version of each.

Again, thanks very much for your answer, your tools and support!

-- Peter

 

Thank you, Tim W!

I deleted the file that you pointed out.
MBAM log is attached.
I followed the steps in your reply up to #9.

Since yesterday I have tried 4 times to install SP3, without success. Should I start a new thread for this?

The last try was an encouraging step, because it was the first one initiated by Windows Update rather than my download from MS.

I have screen caps of the failure messages and am attaching the first 2. The others are not interesting, just failure notices.

Looking forward to your reply -- thanks again!

Peter

 

Hi Tim,
You wrote, "Let's have you do one more thing: eSet Online Scan."

Whenever I run it, the machine is left in such bad shape, all I can do is press the power button to turn it off.
The last two times, it finished and reported no infections. These were the downloaded version.
Before that I was using barf IE and I think that dropped Internet connections made it impossible to finish.
I'll try one more time to get a log.

Thank you!

 

Hey Tim,
thanks -- I finished Part 9, clearing the restore points and resetting one. Before that I tried SP3 again and documented what I could. Will proceed to a new thread.
Thanks again!
Peter

 

Could you please take a look at my current thread?

So far, two locked registry keys have been preventing installation of SP3.

A lot of effort has occurred and one key has been unlocked. Maybe others will show up after these are brought under control.

http://forums.majorgeeks.com/showthread.php?p=1613061&posted=1

Thank you!