Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible infection concerning svchost.exe


  • Please log in to reply

#1
PaulRDurrant

PaulRDurrant

    New Member

  • Member
  • Pip
  • 1 posts
Hi all knowledgable people,

(Edited to include to log !!)

I would be grateful for any thoughts concerning this.

Each time I connect via ADSL and then start up a web browser ( it happens wih Internet Exlorer but is worse if I use Firefox ) my pc gets bogged down due to svchost.exe consuming all the cpu.

It gets so bad that the only course of action has been to end the process tree for the offending svchost.exe process. ( Incidentally, am I doing the right thing here ? )

I attach a typical logfile, before having started a web browser.

Many thanks,
Paul

Logfile of HijackThis v1.99.1
Scan saved at 05:35:36, on 06/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dgrpencx.exe
C:\Program Files\EWIDOO Antimal software\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spy Doctor Adware detector\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\The Shield Antivirus 2006\vrmonsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trust\250S Series\lwbwheel.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\The Shield Antivirus\Firewall\FireWall.exe
C:\Program Files\Zone Labs\zlclient.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Composer 1 7 13\Mozilla.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\The Shield Antivirus 2006\vrmonnt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\THESHI~2\Firewall\IrlOnIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.4\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYDOC~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYDOC~1\tools\iesdpb.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\THESHI~2\Firewall\FARPOP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Trust\250S Series\lwbwheel.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [VrMon] C:\Program Files\The Shield Antivirus 2006\vrmonnt.exe Main
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [dwStart] C:\Program Files\The Shield Antivirus\Firewall\FireWall.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "c:\Program Files\Mozilla Composer 1 7 13\Mozilla.exe" -turbo
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Shortcut to vrmonnt.exe.lnk = C:\Program Files\The Shield Antivirus 2006\vrmonnt.exe
O4 - Startup: Shortcut to vrmonsvc.exe.lnk = C:\Program Files\The Shield Antivirus 2006\vrmonsvc.exe
O4 - Startup: Shortcut to zlclient.exe.lnk = C:\Program Files\Zone Labs\zlclient.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYDOC~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://news.bbc.co.uk
O15 - Trusted Zone: *.BkpOldGoodIndex.html
O15 - Trusted Zone: *.ddDocuments and Settings
O15 - Trusted Zone: http://www.demon.net
O15 - Trusted Zone: *.Documents and Settings
O15 - Trusted Zone: http://h20270.www.hp.com
O15 - Trusted Zone: *.poachAmalg1
O15 - Trusted Zone: *.prd-design.com
O15 - Trusted Zone: http://ww.sainsburystoyou.co.uk
O15 - Trusted Zone: http://www.sainsburystoyou.com
O15 - Trusted Zone: *.zindex.html
O15 - Trusted IP range: 83.160.25.176
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://www.vodafone...order/SBCRP.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://rcseu.raboba...uniperSetup.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Digi RealPort Encryption Service (DgRpEncx) - Digi International Inc. - C:\WINDOWS\system32\dgrpencx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\EWIDOO Antimal software\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spy Doctor Adware detector\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\The Shield Antivirus 2006\vrmonsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

Edited by PaulRDurrant, 05 February 2007 - 11:08 PM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP