• Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About marenqo

Profile Information

  • OS
    XP Home
  1. Have you tried both dumps? Were both of them damaged? If so, what to do now? No, I have 3gb but had to limit the size, otherwise the file would be 2gb big
  2. Here is another dump at the moment of a Generic Host Process WIn32 services error szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : ntdll.dll szModVer : 5.1.2600.6055 offset : 00022235 address: * mediashare does not like my browser and crashes
  3. Sorry for the delay, I was on the Kaspersky channel. They don't know what it is there either and I uploaded a million of things there. Fortunately I am not the only one and they are working on it Please find the zipped file here: BTW: I cant do a sfc /scannow, because I don't have the CD here, windows was preinstalled.
  4. Any news on this? My pc has been infected now for over a week and I have been posting on my different forums, unfortunately without success of resolving this....
  5. Please find attached, the first time the attaching did not work Mini042311-01.rar
  6. I finally managed to create a dmp file and attached it in zip format. It was created after I booted up the PC, and I dont think it suffered from anything (no extreme memory usage)
  7. I downloaded the SDK (changed the registry keys) and pressed the key board combi, there was a reboot, but I don't know where I can find the log. Do you have any ideas? I tried: C:\WINDOWS\Minidump and , but that was empty and there was no WINDOWS\memory.dmp. thanks
  8. I downloaded lspfix from here, but it said that it could not find any problems Now downloading SDK for windows for the crash, still will take a while
  9. I received the following Generic Host Process WIn32 services error szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : ntdll.dll szModVer : 5.1.2600.6055 offset : 00022235 ---------------------------- I will now look for LSPFix and create a a full crash dump (and zip it to here)
  10. Could have zipped it indeed, did not think about it, sorry. At some point one of my svchost.exe simply starts to increase gradually take over my pc, which starts making a lot of noise, programmes stop working etc. I think there is indeed malware somewhere, but I tried already so much (inc. MalWareBytes) and nothing seems to find anything. Kaspersky 6.0 warns of blocked sites, which are always the same, but I do not know how to track from where these are started. I googled those sites, but could not find anything. IE now has stopped working, Firefox is sluggish etc and windows update does not work.
  11. It must have been another one then, my pc is relatively quiet at the moment. Something forces it to over-perform and crash the system
  12. I hope this was the correct svchost.exe. The increase in usage fluctuates, but when it has reached a 100 per cent the system freezes and I am forced to reboot edit: its says: "You aren't permitted to upload this kind of file" Shall I upload it somewhere else? edit: uploaded it here:
  13. Happy Easter holidays everybody, Since a few days I have a serious svchost problem. Its taking most of my 3gb of ram and when it does my pc crashes. I have looked around on the Net for some time for possible solutions, but have not found anything that helped. Installed dozens of programmes (Kaspersky, IObit Security 360, Spyware Blaster, Malwarebytes' Anti-Malware, Combofix etc), but really nothing seems to help. Kaspersky Web anti virus tells me every now and then that it has blocked sites such as hxxp:// and hxxp:// I expect that might have something to do with it. It also could be windows update which behaves strangely, but here I also tried many of the advices given on the Net. When I try to update through IE, IE refuses to work properly and when I do get through I get an update error (0x80072EFE). This is what HijackThis v2.0.4 gives me: Scan saved at 15:42:36, on 23/04/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\intelxpv_v103\wdm\STacSV.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\IObit\IObit Security 360\IS360tray.exe C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\IObit\IObit Security 360\is360.exe C:\Program Files\Windows Media Player\setup_wm.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\IObit\IObit Security 360\b_securityholes.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-602162358-1960408961-1801674531-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Guest') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1 .0FO\kloehk.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS360service - Unknown owner - C:\Program Files\IObit\IObit Security 360\IS360srv.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe Is there anybody that can/ wants to help me? Many thanks in advance, Marenqo