Win32 encountered a problem & needs to be shut down : svchost.exe

Posted 11/11/2009 4:34 AM
#79442

cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
Hello,

I am facing this problem even after reinstalling a new Windows XP (SP2):

Win32 encountered a problem & needs to be shut down : svchost.exe

& then the whole PC slowed down to nearly non-operational, & also the internet.

Please help me get rid of this.

Thanks -n - Regards

Sumit Lama
Posted 11/11/2009 5:46 AM
#79443

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :smile:





Please follow this guide:

Before-posting-a-log


Follow the instructions and copy the logs here, in this Topic.


Do not PM me with logfiles. They will be deleted.


Posted 11/11/2009 3:49 PM
#79461

cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 122600
Time elapsed: 15 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Sumit\Books\PC\RAR_Password_Cracker_v4.12__PHORUM.WS_HAD_IT_1st_SUCKERZ\rpc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
F:\Sumit\Books\Hardware\All Nokia\Nokia_Local_Mode_Solution.exe (Rogue.Installer) -> Quarantined and deleted successfully.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 16:06:26.73 on Wed 11/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.294 [GMT 5.5:30]

AV: avast! antivirus 4.8.1356 [VPS 091110-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\ChgService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\igfxtray.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\MMX300G 3G USB Manager\USB Modem.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://iobitcom.ourtoolbar.com/SetupFinish
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - e:\program files\iobitcom\tbIObi.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - e:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - e:\program files\iobitcom\tbIObi.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - e:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - e:\program files\iobitcom\tbIObi.dll
uRun: [Advanced SystemCare 3] "e:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
mRun: [avast!] e:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "e:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {FB160178-0F96-4718-A80E-8D0F76876ED9} = 218.248.255.193 218.248.240.181
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0t9dlvjv.default\

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2009 12:22:38 PM
System Uptime: 11/11/2009 4:00:37 PM (0 hours ago)

Motherboard: Intel Corporation | | D845GVSR
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | X1 | 2400/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 29 GiB total, 29.229 GiB free.
D: is FIXED (FAT32) - 19 GiB total, 18.626 GiB free.
E: is FIXED (NTFS) - 45 GiB total, 42.935 GiB free.
F: is FIXED (FAT32) - 19 GiB total, 2.113 GiB free.
G: is FIXED (FAT32) - 19 GiB total, 1.117 GiB free.
H: is FIXED (FAT32) - 19 GiB total, 4.928 GiB free.
I: is Removable
J: is CDROM ()
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30488086&REV_81\4&2AF9ED5&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30488086&REV_81\4&2AF9ED5&0&40F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_02088086&REV_01\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_02088086&REV_01\3&267A616A&0&FD
Service:

==== System Restore Points ===================

RP1: 11/11/2009 12:26:40 PM - System Checkpoint
RP2: 11/11/2009 12:38:54 PM - Advanced SystemCare RestorePoint
RP3: 11/11/2009 1:40:13 PM - Installed Java(TM) 6 Update 15
RP4: 11/11/2009 2:08:37 PM - Installed Power Indiabulls

==== Installed Programs ======================

Advanced SystemCare 3
avast! Antivirus
CCleaner (remove only)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:50 PM, on 11/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\ChgService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
E:\Program Files\MMX300G 3G USB Manager\USB Modem.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://iobitcom.ourtoolbar.com/SetupFinish
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - E:\Program Files\IObitCom\tbIObi.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - E:\Program Files\IObitCom\tbIObi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - E:\Program Files\IObitCom\tbIObi.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "E:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB160178-0F96-4718-A80E-8D0F76876ED9}: NameServer = 218.248.255.193 218.248.240.181
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Change Modem Device Service - Unknown owner - E:\WINDOWS\system32\ChgService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3955 bytes



Thanks for this favour
Posted 11/12/2009 7:33 AM
#79515

cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
hello

--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : BIOS Date: 09/22/04 23:29:55 Ver: 08.00.08
USER : Administrator ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:29 Go)
D:\ (Local Disk) - FAT32 - Total:18 Go (Free:18 Go)
E:\ (Local Disk) - NTFS - Total:45 Go (Free:42 Go)
F:\ (Local Disk) - FAT32 - Total:18 Go (Free:2 Go)
G:\ (Local Disk) - FAT32 - Total:18 Go (Free:1 Go)
H:\ (Local Disk) - FAT32 - Total:18 Go (Free:4 Go)
I:\ (USB) - FAT32 - Total:1934 Mo (Free:0 Go)
K:\ (USB) - FAT32 - Total:1894 Mo (Free:1 Go)
"E:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 12-11-2009|12:39 )

http://www.gmer.net
Rootkit scan 2009-11-12 12:41:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
E:\DOCUME~1\ADMINI~1\Favorites\forums\GSM-Forum.eu comunity - Unlock - Flash - GSM-Hacking - Cracking - Powered by vBulletin.url
E:\DOCUME~1\ADMINI~1\Favorites\forums\GSM-Hacking - Cracking.url
E:\DOCUME~1\ADMINI~1\Favorites\forums\GSM-HACKING.EU FREE GSM SOFTWARES DATABASE GSMHACKING, CRACKING, CAR HACKING, CONSOLE HACKING, GSM-FORUM.EU 100% FREE.url
E:\DOCUME~1\ADMINI~1\Favorites\Links\CRACK SEARCH ENGINE - crack , serial, keygens, patches..url

[F:50][D:6]-> E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:8][D:0]-> E:\DOCUME~1\ADMINI~1\Cookies
[F:106][D:4]-> E:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "E:\Lop SD\LopR_1.txt" - 12-11-2009|12:41 - Option : [2]
--------------------\\ Scan completed at 12:41:39


Thanks - Regards
Sumit Lama