Win32 encountered a problem & needs to be shut down : svchost.exe

Posted 11/11/2009 4:34 AM
#79442
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
Hello,

I am facing this problem even after reinstalling a new Windows XP (SP2):

win32 encountered a problem & needs to be shut down : svchost.exe

And then the whole PC slowed down to nearly non-operational, and also the internet.

Please help me get rid of this.

Thanks and regards,

Sumit Lama
Posted 11/11/2009 5:46 AM
#79443
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:





Please follow this guide:

Before-posting-a-log


Follow the instructions and copy the logs here, in this Topic.


Do not PM me with logfiles. They will be deleted.


Posted 11/11/2009 3:49 PM
#79461
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 122600
Time elapsed: 15 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Sumit\Books\PC\RAR_Password_Cracker_v4.12__PHORUM.WS_HAD_IT_1st_SUCKERZ\rpc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
F:\Sumit\Books\Hardware\All Nokia\Nokia_Local_Mode_Solution.exe (Rogue.Installer) -> Quarantined and deleted successfully.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 16:06:26.73 on Wed 11/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.294 [GMT 5.5:30]

AV: avast! antivirus 4.8.1356 [VPS 091110-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\ChgService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\igfxtray.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\MMX300G 3G USB Manager\USB Modem.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://iobitcom.ourtoolbar.com/SetupFinish
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - e:\program files\iobitcom\tbIObi.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - e:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - e:\program files\iobitcom\tbIObi.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - e:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - e:\program files\iobitcom\tbIObi.dll
uRun: [Advanced SystemCare 3] "e:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
mRun: [avast!] e:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "e:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {FB160178-0F96-4718-A80E-8D0F76876ED9} = 218.248.255.193 218.248.240.181
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0t9dlvjv.default\

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2009 12:22:38 PM
System Uptime: 11/11/2009 4:00:37 PM (0 hours ago)

Motherboard: Intel Corporation | | D845GVSR
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | X1 | 2400/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 29 GiB total, 29.229 GiB free.
D: is FIXED (FAT32) - 19 GiB total, 18.626 GiB free.
E: is FIXED (NTFS) - 45 GiB total, 42.935 GiB free.
F: is FIXED (FAT32) - 19 GiB total, 2.113 GiB free.
G: is FIXED (FAT32) - 19 GiB total, 1.117 GiB free.
H: is FIXED (FAT32) - 19 GiB total, 4.928 GiB free.
I: is Removable
J: is CDROM ()
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30488086&REV_81\4&2AF9ED5&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30488086&REV_81\4&2AF9ED5&0&40F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_02088086&REV_01\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_02088086&REV_01\3&267A616A&0&FD
Service:

==== System Restore Points ===================

RP1: 11/11/2009 12:26:40 PM - System Checkpoint
RP2: 11/11/2009 12:38:54 PM - Advanced SystemCare RestorePoint
RP3: 11/11/2009 1:40:13 PM - Installed Java(TM) 6 Update 15
RP4: 11/11/2009 2:08:37 PM - Installed Power Indiabulls

==== Installed Programs ======================

Advanced SystemCare 3
avast! Antivirus
CCleaner (remove only)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:50 PM, on 11/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\ChgService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
E:\Program Files\MMX300G 3G USB Manager\USB Modem.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://iobitcom.ourtoolbar.com/SetupFinish
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - E:\Program Files\IObitCom\tbIObi.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - E:\Program Files\IObitCom\tbIObi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - E:\Program Files\IObitCom\tbIObi.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "E:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB160178-0F96-4718-A80E-8D0F76876ED9}: NameServer = 218.248.255.193 218.248.240.181
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Change Modem Device Service - Unknown owner - E:\WINDOWS\system32\ChgService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3955 bytes



Thanks for this favour
Posted 11/12/2009 7:33 AM
#79515
cellclinic Valued member

Date Joined Nov 2016
Total Posts: 13
hello

--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : BIOS Date: 09/22/04 23:29:55 Ver: 08.00.08
USER : Administrator ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:29 Go)
D:\ (Local Disk) - FAT32 - Total:18 Go (Free:18 Go)
E:\ (Local Disk) - NTFS - Total:45 Go (Free:42 Go)
F:\ (Local Disk) - FAT32 - Total:18 Go (Free:2 Go)
G:\ (Local Disk) - FAT32 - Total:18 Go (Free:1 Go)
H:\ (Local Disk) - FAT32 - Total:18 Go (Free:4 Go)
I:\ (USB) - FAT32 - Total:1934 Mo (Free:0 Go)
K:\ (USB) - FAT32 - Total:1894 Mo (Free:1 Go)
"E:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 12-11-2009|12:39 )

https://www.gmer.net
Rootkit scan 2009-11-12 12:41:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
E:\DOCUME~1\ADMINI~1\Favorites\forums\GSM-Forum.eu comunity - Unlock - Flash - GSM-Hacking - Cracking - Powered by vBulletin.url
E:\DOCUME~1\ADMINI~1\Favorites\forums\GSM-Hacking - Cracking.url
E:\DOCUME~1\ADMINI~1\Favorites\forums\GSM-HACKING.EU FREE GSM SOFTWARES DATABASE GSMHACKING, CRACKING, CAR HACKING, CONSOLE HACKING, GSM-FORUM.EU 100% FREE.url
E:\DOCUME~1\ADMINI~1\Favorites\Links\CRACK SEARCH ENGINE - crack , serial, keygens, patches..url

[F:50][D:6]-> E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:8][D:0]-> E:\DOCUME~1\ADMINI~1\Cookies
[F:106][D:4]-> E:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "E:\Lop SD\LopR_1.txt" - 12-11-2009|12:41 - Option : [2]
--------------------\\ Scan completed at 12:41:39


Thanks - Regards
Sumit Lama