
Generic host process for win32 services has encountered a proble

Discussion in 'Malware and Virus Removal Archive' started by conde357, 2010/11/26.

  1. 2010/11/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      explorer.exe
      winlogon.exe
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  2. 2010/11/27
    conde357

    conde357 Inactive Thread Starter

    Joined:
    2010/11/26
    Messages:
    39
    Likes Received:
    0
    I can't get my laptop to boot up and the other computer is an iPad, plus I need to go out and buy a CD if I am to do this... but how do I get it to boot?
     


  4. 2010/11/27
    broni

    broni Moderator Malware Analyst

    You'll be booting from a CD, so Windows is not involved. You shouldn't have any problem with booting from the CD.
    This is our only option.
    We need to replace those two crucial system files from the outside.
     
  5. 2010/11/27
    conde357

    conde357 Inactive Thread Starter

    Ok, but in order to make the CD I need to have it boot up or try from a different computer, right?
     
  6. 2010/11/27
    broni

    broni Moderator Malware Analyst

    You can create that CD on ANY computer and then use it to boot THIS computer.
     
  7. 2010/11/27
    conde357

    conde357 Inactive Thread Starter

    Thx, we have to resume this later.
     
  8. 2010/11/27
    broni

    broni Moderator Malware Analyst

    No problem :)
     
  9. 2010/11/27
    conde357

    conde357 Inactive Thread Starter

    I double click on the logo and get Browse for Folder... I see Ramdisk (B:), Rec (C:), ReatogoPE (X:) etc.
     
  10. 2010/11/27
    broni

    broni Moderator Malware Analyst

    Select a letter where Windows is installed. C?
     
  11. 2010/11/28
    conde357

    conde357 Inactive Thread Starter

    When I click on Recovery (C:) -> Windows I get a lot of options (folders); I have no clue what to click on next. There is also a local disk (D:) which contains Windows files...
     
  12. 2010/11/28
    conde357

    conde357 Inactive Thread Starter

    I also get an error that says "Target is not windows 2000 or later" when I just click on the C drive.
     
  13. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Let's go back to your reply #20 for a moment.
    Did you have a chance to perform the steps from my reply #19, or are you referring to a password in the recovery console?
     
  14. 2010/11/28
    broni

    broni Moderator Malware Analyst

    You have to navigate to the folder where Windows is actually installed, which will be C:\Windows
     
  15. 2010/11/28
    conde357

    conde357 Inactive Thread Starter

    No, I couldn't do what you suggested in reply #19 because it asks for a password and I don't have one or can't remember what it is. Right now I am trying to boot up from the disk I made. By the way, I have internet as you said.
     
  16. 2010/11/28
    conde357

    conde357 Inactive Thread Starter

    I am navigating in the C folder. I click Windows but then get other folders named:

    Boot
    Branding
    debug
    System32

    and more... which one do I click in?
     
  17. 2010/11/28
    broni

    broni Moderator Malware Analyst

    C:\Windows should do.
    If it still doesn't work, try to boot the computer you're posting from using the same OTLPE CD.
    I just want to see if that CD is good and bootable on a good computer.
    See if you can get to the REATOGO-X-PE desktop on the good computer.
    Do nothing else, just see if it boots all the way.
     
  18. 2010/11/28
    conde357

    conde357 Inactive Thread Starter

    I don't have another computer available to do that. I am using the infected computer to post this. Is there anything else that can be done?
     
  19. 2010/11/28
    broni

    broni Moderator Malware Analyst

    I'm confused.....
    You said before:
     
  20. 2010/11/28
    conde357

    conde357 Inactive Thread Starter

    Yeah, I was using an iPad... anyway, I got it to work, but I got an error message along with this:

    notepad.exe - entry point not found

    : the procedure entry point _ftol2_sse could not be located in the dynamic link library msvcrt.dll

    OTL logfile created on: 11/28/2010 2:42:16 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Windows (TM) Code Name "Longhorn" Preinstallation Environment (Version = 6.0.6001.18000.6001) - Type = System
    Internet Explorer (Version = )
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 9.77 Gb Total Space | 4.98 Gb Free Space | 50.95% Space Free | Partition Type: NTFS
    Drive D: | 223.07 Gb Total Space | 203.04 Gb Free Space | 91.02% Space Free | Partition Type: NTFS
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2008/01/19 02:36:18 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sacsvr.dll -- (sacsvr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbstor.sys -- (USBSTOR)
    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
    DRV - [2008/01/19 02:43:42 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/19 02:43:20 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/19 02:43:16 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/19 02:43:14 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
    DRV - [2008/01/19 02:43:11 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/19 02:43:08 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/19 02:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/19 02:43:01 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/19 02:42:56 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/19 02:42:55 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/19 02:42:52 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
    DRV - [2008/01/19 02:42:46 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/19 02:42:45 | 000,088,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\sacdrv.sys -- (sacdrv)
    DRV - [2008/01/19 02:42:40 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/19 02:42:39 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\arc.sys -- (arc)
    DRV - [2008/01/19 02:42:38 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/19 02:42:18 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/19 02:42:04 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
    DRV - [2008/01/19 02:41:46 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/19 02:41:25 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/19 02:41:22 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/19 02:41:14 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/19 00:50:28 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ramdisk.sys -- (Ramdisk)
    DRV - [2008/01/19 00:32:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fbwf.sys -- (FBWF)
    DRV - [2008/01/19 00:32:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\wimfsf.sys -- (WimFsf)
    DRV - [2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - Startup: Error locating startup folders.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableMIC = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
    O13 - ftp Prefix: missing
    O13 - gopher Prefix: missing
    O13 - home Prefix: missing
    O13 - mosaic Prefix: missing
    O13 - www Prefix: missing
    O20 - HKLM Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (/k start cmd.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl ") - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/18 13:53:01 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - File not found - C:\AUTORUN.INF -- [ CDFS ]
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/27 00:39:51 | 000,000,000 | R--D | C] -- C:\cmdcons

    ========== Files - Modified Within 30 Days ==========

    [2010/11/27 12:17:32 | 000,000,328 | RHS- | M] () -- C:\boot.ini

    ========== Files Created - No Company Name ==========

    [2010/11/27 00:39:54 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2010/11/27 00:39:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2008/02/05 08:27:10 | 000,000,053 | ---- | C] () -- C:\Windows\System32\winpeshl.ini
    [2008/01/18 22:48:22 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en

    ========== LOP Check ==========


    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: WINLOGON.EXE >
    [2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
    [2008/01/19 03:52:42 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
    < End of report >
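    The "Custom Scans" block above is the part of the log that the /md5start ... /md5stop request in reply #1 was after: OTL lists every copy of the named file it finds, so the copy in System32 (or C:\Windows) can be compared with the untouched copy Windows keeps under winsxs. The following is an added example, not code from the thread or from OTL's author, that parses that block and flags a live copy whose MD5 does not match its winsxs backup or that carries no company name. The winlogon.exe lines are the ones posted above; the explorer.exe pair, its winsxs path and its all-zero/all-one MD5 values are constructed to show what a mismatch looks like.

```python
import re

# Constructed sample in the format OTL writes for a /md5start custom scan.
# The WINLOGON.EXE pair is copied from the log in this thread; the
# EXPLORER.EXE pair (paths, sizes, dates and MD5 values) is made up.
SAMPLE_OTL_LOG = r"""
========== Custom Scans ==========

< MD5 for: WINLOGON.EXE >
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 03:52:42 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: EXPLORER.EXE >
[2010/11/20 10:00:00 | 002,927,104 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\explorer.exe
[2008/01/19 03:52:42 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_PLACEHOLDER\explorer.exe
< End of report >
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >$")
# [date time | size | attributes | flag] (company) MD5=hex -- path
ENTRY_RE = re.compile(
    r"^\[(?P<meta>[^\]]*)\]\s*\((?P<company>[^)]*)\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block in an OTL log."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        if line.startswith("< End of report >"):
            current = None
            continue
        if current is None:
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        meta = [part.strip() for part in entry.group("meta").split("|")]
        size = int(meta[1].replace(",", "")) if len(meta) > 1 else None
        path = entry.group("path")
        sections[current].append({
            "path": path,
            "md5": entry.group("md5").upper(),
            "company": entry.group("company").strip(),
            "size": size,
            # the winsxs store holds the copy Windows itself installed
            "is_winsxs": "\\winsxs\\" in path.lower(),
        })
    return sections


def check_against_winsxs(entries):
    """Compare each live copy (outside winsxs) with the winsxs backups of the same file."""
    backups = [e for e in entries if e["is_winsxs"]]
    backup_md5s = {e["md5"] for e in backups}
    findings = []
    for e in entries:
        if e["is_winsxs"]:
            continue
        reasons = []
        if not backups:
            reasons.append("no winsxs copy to compare against")
        elif e["md5"] not in backup_md5s:
            reasons.append("MD5 differs from winsxs copy")
        if not e["company"]:
            reasons.append("no company name in version info")
        findings.append({
            "path": e["path"],
            "md5": e["md5"],
            "status": "ok" if not reasons else "suspect",
            "reasons": reasons,
        })
    return findings


def audit_otl_log(text):
    """Map each scanned file name to the findings for its live copies."""
    return {name: check_against_winsxs(entries)
            for name, entries in parse_md5_sections(text).items()}


if __name__ == "__main__":
    for name, findings in audit_otl_log(SAMPLE_OTL_LOG).items():
        for f in findings:
            print(f"{name}: {f['status']:7} {f['path']}  {'; '.join(f['reasons'])}")
```

    A matching MD5 between the System32 copy and the winsxs copy, as with winlogon.exe in the posted log, is what makes replacing the live file from the winsxs store a reasonable repair; a mismatch or a missing company name is the signal that the live copy needs a closer look.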
     
  21. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Something is really mixed up here.
    It looks like OTLPE sees your drive C as D and your drive D as drive C.

    Restart the computer normally, since you can, and re-run SystemLook with the same code as in my reply #17
     
