Hello people, I am new here. I ended up here while googling how to solve this in the first instance...
The error is this one:
szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown szModVer : 0.0.0.0 offset : 00000000
The weird thing is that it appears only when logging in as Local Machine Admin. The computer is set to auto-log-on with a Domain User... and that message never shows! But if you close the session and enter as Local Machine Admin, it reports the crash, and not only one crash; sometimes there are several of the same, but old.
I mean, let's say it's 9 PM and I go to -> Start -> Close Session -> Then enter as Local Admin
The crash window is shown several times with the same error, but telling me it happened at 7 AM, then another one pops up saying it happened at 12:30 PM, etc.
Sometimes it is only one, and other times it is like I explained above. So I tried running some anti-malware tools and didn't find anything relevant.
I tried updating some drivers and it didn't fix it, so I am here now, because the only option I had left was to block some ports from the Windows Registry, and I can't do that because AFAIK they need to be used.
I ran HijackThis on the PC and here is the log. The PC was formatted two days ago and only has some standard programs; it doesn't even have Drivers Pack or multimedia software yet, just a clean install with XP SP3, AVG Free 2014, Chrome, Word, Excel and PowerPoint 2007, and... that's all.
----------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 07:31:20 p.m., on 22/05/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\ARCHIV~1\AVG\AVG2014\avgrsx.exe
C:\Archivos de programa\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\AVG\AVG2014\avgidsagent.exe
C:\Archivos de programa\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Archivos de programa\AVG\AVG2014\avgnsx.exe
C:\Archivos de programa\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\system32\rserver30\FamItrf2.Exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Archivos de programa\AVG\AVG2014\avgui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\CRP_BACKUP_ACC\Moderneg AV\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Archivos de programa\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dom.acceso.crm
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC3833C-089B-46A4-A44E-578B234D0241}: NameServer = 192.168.20.167,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF929B32-D992-4CE4-A698-6740B21296B6}: NameServer = 192.168.20.167,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dom.acceso.crm
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dom.acceso.crm
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Archivos de programa\AVG\AVG2014\avgidsagent.exe
O23 - Service: WatchDog de AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Archivos de programa\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 5378 bytes
Edited by Sogetsu, 22 May 2014 - 05:13 PM.