Svchost opens iexplore.exe and msnmsgr.exe randomly in the background


#1
eidrian

Hi all, I have an issue with my computer. I run ProcessExplorer and notice that svchost.exe randomly likes to open up iexplore.exe and msnmsgr.exe in the background with high processor usage. I have tried killing the process, but that leads to my computer just restarting, and I also tried killing the processes themselves, but they just pop up again. It opens up to 4 iexplore.exe processes, and the only way so far to 'stop' them is to have Process Explorer suspend these processes. I have AVG Free, have performed a full test and removed some viruses from my computer, but this problem still persists.

Here is the log for DDS:


DDS (Ver_09-06-26.01) - NTFSx86
Run by eid at 22:12:36.45 on 27/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.510.211 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

G:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
G:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
G:\Archivos de programa\Java\jre6\bin\jqs.exe
G:\Archivos de programa\Sandboxie\SbieSvc.exe
G:\ARCHIV~1\AVG\AVG8\avgemc.exe
G:\ARCHIV~1\AVG\AVG8\avgrsx.exe
G:\ARCHIV~1\AVG\AVG8\avgnsx.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\WINDOWS\Explorer.EXE
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\ARCHIV~1\AVG\AVG8\avgtray.exe
G:\Archivos de programa\Java\jre6\bin\jusched.exe
G:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
G:\Archivos de programa\Sandboxie\SbieCtrl.exe
G:\WINDOWS\System32\svchost.exe
G:\Archivos de programa\Mozilla Firefox\firefox.exe
G:\Archivos de programa\ProcessExplorerNT\procexp.exe
G:\Documents and Settings\eid\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = localhost:80
uInternet Settings,ProxyOverride = *.local
BHO: Aplicaci? auxiliar de v?culos de Adobe PDF Reader\0\0\0: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - g:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] g:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] g:\archivos de programa\spybot - search & destroy\TeaTimer.exe
uRun: [AlcoholAutomount] "g:\archivos de programa\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [SandboxieControl] "g:\archivos de programa\sandboxie\SbieCtrl.exe"
mRun: [IMJPMIG8.1] "g:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] g:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] g:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AVG8_TRAY] g:\archiv~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "g:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "g:\archivos de programa\java\jre6\bin\jusched.exe"
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\archiv~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\archivos de programa\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;g:\windows\system32\drivers\Lbd.sys [2009-7-26 64160]
R0 pavboot;pavboot;g:\windows\system32\drivers\pavboot.sys [2009-7-26 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [2008-7-2 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;g:\windows\system32\drivers\avgmfx86.sys [2008-7-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [2009-3-6 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;g:\archiv~1\avg\avg8\avgemc.exe [2009-6-21 907032]
R2 avg8wd;AVG Free8 WatchDog;g:\archiv~1\avg\avg8\avgwdsvc.exe [2008-7-2 298776]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;g:\windows\system32\drivers\psxpad.sys [2007-9-16 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;g:\windows\system32\drivers\psxenum.sys [2007-9-16 16896]
R3 SbieDrv;SbieDrv;g:\archivos de programa\sandboxie\SbieDrv.sys [2009-5-28 108032]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;g:\archivos de programa\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S2 spupdsvc;Windows Service Pack Installer update service;g:\windows\system32\spupdsvc.exe [2007-9-6 26488]

=============== Created Last 30 ================

2009-07-27 22:08 2,104 a------- g:\windows\system32\tmp.reg
2009-07-27 22:05 15,688 a------- g:\windows\system32\lsdelete.exe
2009-07-27 21:46 282,112 a------- g:\windows\system32\TBDE4.tmp
2009-07-27 21:38 597,504 -c------ g:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-27 21:38 89,088 -c------ g:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-27 21:38 117,760 -------- g:\windows\system32\prntvpt.dll
2009-07-27 21:38 575,488 -c------ g:\windows\system32\dllcache\xpsshhdr.dll
2009-07-27 21:38 575,488 -------- g:\windows\system32\xpsshhdr.dll
2009-07-27 21:38 1,676,288 -c------ g:\windows\system32\dllcache\xpssvcs.dll
2009-07-27 21:38 1,676,288 -------- g:\windows\system32\xpssvcs.dll
2009-07-27 21:38 <DIR> --d----- G:\f75fd1227178d618c8e7908195ea786b
2009-07-27 20:28 <DIR> --d----- g:\archivos de programa\MSXML 6.0
2009-07-27 19:51 102,664 a------- g:\windows\system32\drivers\tmcomm.sys
2009-07-27 19:48 <DIR> --d----- g:\documents and settings\eid\.housecall6.6
2009-07-27 18:59 <DIR> --d----- G:\SDFix
2009-07-26 23:43 28,544 a------- g:\windows\system32\drivers\pavboot.sys
2009-07-26 23:09 <DIR> --d----- g:\archivos de programa\Trend Micro
2009-07-26 22:54 <DIR> --d----- g:\archivos de programa\Panda Security
2009-07-26 16:16 64,160 a------- g:\windows\system32\drivers\Lbd.sys
2009-07-26 16:14 <DIR> -cd-h--- g:\docume~1\alluse~1\datosd~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-26 16:14 <DIR> --d----- g:\archivos de programa\Lavasoft
2009-07-26 16:00 77 a------- G:\PLAYSTATION.CUE
2009-07-26 15:55 740,416,656 a------- G:\PLAYSTATION.BIN
2009-07-26 15:23 <DIR> --d----- G:\Rata Blanca D2
2009-07-26 13:15 <DIR> -cd----- g:\windows\system32\dllcache\cache
2009-07-26 13:02 212,480 a------- g:\windows\SWXCACLS_exe
2009-07-26 13:02 161,792 a------- g:\windows\SWREG_exe
2009-07-26 13:02 136,704 a------- g:\windows\SWSC_exe
2009-07-26 13:02 68,096 a------- g:\windows\zip_exe
2009-07-26 05:12 <DIR> --d----- g:\documents and settings\eid\jkos-eid
2009-07-26 03:42 <DIR> --d----- g:\docume~1\alluse~1\datosd~1\13009534
2009-07-26 03:42 40,960 ---shr-- g:\windows\system32\flashad32.dll
2009-07-24 22:57 237,568 a------- g:\windows\system32\rmc_rtspdl.dll
2009-07-24 22:57 156,672 a------- g:\windows\system32\rmc_fixasf.exe
2009-07-24 22:56 323,584 a------- g:\windows\system32\AUDIOGENIE2.DLL
2009-07-24 22:54 <DIR> --d----- g:\windows\Replay Media Catcher
2009-07-24 22:54 <DIR> --d----- g:\archivos de programa\Replay Media Catcher
2009-07-23 02:25 <DIR> --d----- G:\Sandbox
2009-07-23 02:24 1,464 a------- g:\windows\Sandboxie.ini
2009-07-23 02:24 <DIR> --d----- g:\archivos de programa\Sandboxie
2009-07-15 01:28 <DIR> --d----- g:\windows\system32\NtmsData
2009-07-14 13:53 <DIR> --d----- g:\archivos de programa\FlashFXP
2009-07-13 23:57 634 a------- g:\windows\system32\MAPISVC.INF
2009-07-13 23:56 <DIR> --d----- g:\archivos de programa\Ontrack

==================== Find3M ====================

2009-07-26 05:22 410,984 a------- g:\windows\system32\deploytk.dll
2009-07-26 03:41 182,912 a------- g:\windows\system32\drivers\ndis.sys
2009-07-03 09:38 335,752 a------- g:\windows\system32\drivers\avgldx86.sys
2009-06-26 00:49 44,156 a---h--- g:\windows\system32\mlfcache.dat
2009-06-24 22:05 47,360 a------- g:\docume~1\eid\datosd~1\pcouffin.sys
2009-06-24 22:02 47,360 a------- g:\windows\system32\drivers\pcouffin.sys
2009-06-21 15:00 721,904 a------- g:\windows\system32\drivers\sptd.sys
2009-06-21 14:16 11,006 a------- g:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-06-21 14:15 3,003 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
2009-06-21 14:15 2,901 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
2009-06-21 14:15 2,870 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
2009-06-21 14:15 2,837 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
2009-06-21 14:15 3,000 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
2009-06-21 14:15 2,872 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
2009-06-21 14:14 2,880 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
2009-06-21 14:13 14,646 a------- g:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-06-21 00:57 424,834 a------- g:\windows\system32\perfh00A.dat
2009-06-21 00:57 61,124 a------- g:\windows\system32\perfc00A.dat
2009-06-20 19:28 85,504 a------- g:\windows\system32\ff_vfw.dll
2009-06-14 16:21 60,273 a------- g:\windows\system32\pthreadGC2.dll
2009-06-07 16:24 180,224 a------- g:\windows\system32\xvidvfw.dll
2009-06-07 16:16 819,200 a------- g:\windows\system32\xvidcore.dll
2009-06-02 11:17 75,776 a------- g:\windows\system32\WS2Fix.exe
2009-05-02 08:22 11,952 a------- g:\windows\system32\avgrsstx.dll
2008-05-13 00:29 1,214,314 a------- g:\archivos de programa\ProcessExplorerNT.rar
2007-12-12 02:44 92,064 a------- g:\documents and settings\eid\mqdmmdm.sys
2007-12-12 02:44 79,328 a------- g:\documents and settings\eid\mqdmserd.sys
2007-12-12 02:44 66,656 a------- g:\documents and settings\eid\mqdmbus.sys
2007-12-12 02:44 25,600 a------- g:\documents and settings\eid\usbsermptxp.sys
2007-12-12 02:44 22,768 a------- g:\documents and settings\eid\usbsermpt.sys
2007-12-12 02:44 9,232 a------- g:\documents and settings\eid\mqdmmdfl.sys
2007-12-12 02:44 6,208 a------- g:\documents and settings\eid\mqdmcmnt.sys
2007-12-12 02:44 5,936 a------- g:\documents and settings\eid\mqdmwhnt.sys
2007-12-12 02:44 4,048 a------- g:\documents and settings\eid\mqdmcr.sys

============= FINISH: 22:13:29.68 ===============


Any help? I know the culprit here is svchost.exe, as it's running like 14 instances, but I need to know how to get rid of the faulty ones. All of them are in system32, but the processes are run in a svchost module that, if killed, will make the computer restart. HOWEVER, I found that killing ANOTHER svchost.exe, from the ones that are running nothing, will restart itself AND add an instance of iexplore.exe to the other svchost. I have attached a picture for the curious; the ones in gray are the ones suspended, the other ones are just running normally.

Is there a way to find out what processes call svchost.exe and have them stopped? I already ran Panda, Trend Micro and Kaspersky and they found nothing; this is getting really annoying. =/

Thanks for your time, hopefully someone is able to help me out on this.

Attached Thumbnails

  • PE.png
