Problem - Generic Host Process for Win32 and other laptop issues

Trying_to_be_good

Hello techie people

I'm a regular elsewhere on the forum, but a bit clueless on techie stuff.

I lent my laptop to my 13 year-old DS last weekend, and now it's not working properly. I get a "generic host process for win32 services has encountered a problem and needs to close" message, can't get windows update to load (I've just disabled windows automatic updates as I managed to get a google search to actually work (something is hijacking searches) and now can't get to the website with manual updates).

I'm just downloading malwarebytes.

Thanks, folks

Update - Unable to update malwarebytes, database 47 days old, but running the full scan now anyway, against the old database.

davb

Malwarebytes is a good start, make sure you update it, scan, fix what it finds - and then post the log here.

Trying_to_be_good

Wow - how long should the scan take? I'm 45 minutes in, 70,000 files scanned so far, and as it wouldn't update, I'm guessing I'll need to do it all again when I find a way to stop that error message coming up!

Nothing untoward found yet, though.

Trying_to_be_good

OK, about to give up and go to bed for this evening, nearly two hours into the scan which I'll pause. It seems to be taking absolutely ages on C:\System Volume Information - never heard of this before. Nearly 120,000 files scanned, 0 objects infected.

In case it helps, weird things (other than websites taking ages, google searh links being redirected to other search engines), the task bar at the bottom of the screen that's normally blue is now partially grey and the start button is grey and in the wrong font, some of the time I'm having to use alt and tab to move between windows as the tabs on the taskbar aren't always working.

Thanks for your help, I'll update tomorrow.

closed

leave it running overnight.

system volume information is your system restore area (which is something you could try)

check your proxy settings in internet explorer, under tools, internet options, connections/lan settings

davb

It can take a while to run, but if it stalls, you may be better running a quick scan in safe mode as a first shot, then a full scan in normal mode later. If Malwarebytes can't find anything, then you may need to update it manually. Post back tomorrow, and I will dig out a link.
System Volume Information is a protected area where Windows stores it's restore points.

Trying_to_be_good

It turns out Match of the Day is quite interesting tonight, so I've hung on in here with the scan, finally finished. Three copies of a trojan only:

alwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
05/02/2011 23:35:15
mbam-log-2011-02-05 (23-35-15).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 252997
Time elapsed: 2 hour(s), 35 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.105,93.188.160.35) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D676BC9-B3AB-4004-8DAC-C02F8A9FC296}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.105,93.188.160.35) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6BD2AC73-8D37-46DE-8E07-A946B78FB1D1}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.105,93.188.160.35) Good: () -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Thanks, again

davb

Ok, thats good - those name server entries are what have been doing the redirects - they are in the Ukraine

What you need to do now is reboot, update Malwarebytes, and run the scan again. Then download and run HijackThis (only take a few seconds to run ). Post both logs here, and let's see what it looks like.

paddyrg

I'll bet you're never lending him your laptop again! But if you do, create a limited user account for him, one with no install capabilities, it should keep things cleaner!

Trying_to_be_good

Thanks for all the help so far.

After the reboot last night, and still this morning the laptop won't connect to the Internet at all, claiming my BT Home Hub 2 has an issue, but I'm on the wi-fi with my phone typing this now. Any ideas, please? All the usual blue lights (blue is good) are on, but I'll restart that anyway, too.

Happy Sunday morning, everyone!

UPDATE: I forgot to mention that the Network Connections bit from the Control Panel isn't launching properly, nor is the Security Center (sic). The little icon in the tray in the bottom right hand side by the clock is also missing, and was yesterday when I was managing to be online asking you lovely people questions and running the scans.

Trying_to_be_good

closed wrote: »

leave it running overnight.

system volume information is your system restore area (which is something you could try)

check your proxy settings in internet explorer, under tools, internet options, connections/lan settings

Thanks. The Proxy Settings box ISN'T ticked - is that right? Neither are the 'Automatic Configuration' boxes ticked.