
Computer Help Please

Discussion in 'Questions and Answers' started by pennphinfan, Jun 11, 2009.

  1. pennphinfan

    pennphinfan Stelin Canez Arcade Scorz

    5,820
    2,511
    113
    Dec 13, 2007
    Los Angeles
    Hey all,
    so methinks I got a virus that is mimicking a problem that people have with Windows Update errors. Upon loading Windows XP, as soon as I try to start a program or anything like that, I get an error that reads:

    svchost.exe- Application Error
    The instruction at "0xd14b0963" referenced memory at "0xd14b0963". The memory could not be "written". Click on OK to terminate the program.

    Then you click OK and you get:
    System Shutdown
    The system is shutting down. This shutdown was initiated by the NT AUTHORITY\SYSTEM

    Message:
    Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly.

    And after a minute blamo, the computer resets and the process starts all over.

    Now, I've tried to research this, and a lot of what I find says that it's a problem with Windows Update (which makes sense, because I thought I had turned the computer off, and when I came home it was dead and out of battery, so it's like it froze while updating).

    But I also read the fix to cure that here http://www.pchell.com/support/svchosterror.shtml, and it isn't working for me because when I get to the last step where you click "Start" I get an error saying "Could not start the Automatic Updates service on Local Computer. Error 998: Invalid access to memory location"

    I can't log on to the internet so I can't run a virus sweep. All the comp has is Sophos Anti-virus and SUPERantispyware and that didn't fix it.

    I also tried downloading 2 virus-removal tools from Symantec on this comp and transferring to that comp via USB key and I ran those (they were for the Sasser virus and the Blaster virus, and neither of those found anything).

    Help!
     
  2. Crappy Tipper

    Crappy Tipper AKA Hero13

    5,865
    2,682
    0
    Aug 23, 2008
    A few programs you can get that have done wonders for me.

    1 - Malwarebytes Anti-Malware

    2 - SDFix, works via DOS prompt if you can't get something to run via the O/S

    3 - Hitman Pro

    You should be able to get all of them from majorgeeks.com
     
    pennphinfan likes this.
  3. DaFish

    DaFish Well-Known Member

    2,055
    732
    113
    Dec 18, 2007
    Myrtle Beach, SC
    Add SuperAntiSpyWare to that list.
     
  4. anlgp

    anlgp ↑ ↑ ↓ ↓ ← → ← → B A

    Threat (0 is low, 10 is high): 3
    Effects: Loads DLLs as executable processes and loads services from the registry.
    Status: 'svchost.exe' is not critical.
    Path: c:\windows\system32\svchost.exe

    The service host process (svchost.exe) navigates the services-to-be-started section of the Windows registry for services to launch, then constructs lists of processes to launch. Svchost is considered a 'generic' structure for processes that run as dynamic link libraries (DLLs) but act as executables. This process isn't critical; however, in some cases a particular instance can be running a critical process.

    ________________________________

    grab those programs, boot into safe mode, run them, reboot.

    see if that helps.
     
  5. pennphinfan

    pennphinfan Stelin Canez Arcade Scorz

    5,820
    2,511
    113
    Dec 13, 2007
    Los Angeles
    I downloaded 1 and 3

    can't use Hitman because I can't access the internet

    running Malwarebytes right now
     
  6. pennphinfan

    pennphinfan Stelin Canez Arcade Scorz

    5,820
    2,511
    113
    Dec 13, 2007
    Los Angeles
    yeah, my network connections tab basically disappeared from the start menu, I can only get to it through the control panel, and when I try to go into there I get the error message
     
  7. pennphinfan

    pennphinfan Stelin Canez Arcade Scorz

    5,820
    2,511
    113
    Dec 13, 2007
    Los Angeles
    Malwarebytes found 12 'affected' items and it removed them all and told me to restart, but upon restart I'm still having the same problems.

    I can't open the internet (Mozilla or IE) and the error box still pops up. Also, it's taking a really long time for the computer to start now. It stalls on the Gateway opening screen even before the Windows XP screen.

    It's not showing any network connections at all, the box is just blank. Is it hiding them?
     
  8. pennphinfan

    pennphinfan Stelin Canez Arcade Scorz

    5,820
    2,511
    113
    Dec 13, 2007
    Los Angeles
    If anyone knows how to read HijackThis stuff, I'm posting it here. If no one knows what it means I'll seek out some site dedicated to it, but I trust you guys more. FWIW I ran this in normal mode.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:26:39 PM, on 6/11/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe
    C:\Program Files\PC Tools AntiVirus\PCTAV.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Owner.lambaste\Application Data\U3\0000161CB271A305\LaunchPad.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xkcd.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6930
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6930
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
    O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKUS\S-1-5-21-3823041211-4198278865-3136122465-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3823041211-4198278865-3136122465-1006\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
    O4 - HKUS\S-1-5-21-3823041211-4198278865-3136122465-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
    O4 - HKUS\S-1-5-21-3823041211-4198278865-3136122465-1006\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (User '?')
    O4 - HKUS\S-1-5-21-3823041211-4198278865-3136122465-1007\..\Run: [Power2GoExpress] NA (User '?')
    O4 - HKUS\S-1-5-21-3823041211-4198278865-3136122465-500\..\Run: [Power2GoExpress] NA (User '?')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O15 - Trusted Zone: *.doginhispen.com
    O15 - Trusted Zone: *.whataboutadog.com
    O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10004 bytes
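
One way to read a log in this layout, as an added example that is not part of any post in this thread: the sketch below splits a HijackThis log into its running-process list and its coded entries, then lists items worth a second look. The sample log is constructed, the names `parse_log` and `review` and the three checks are this example's own assumptions, and the expected svchost.exe location is the path quoted earlier in the thread.

```python
import re

# Constructed sample in the HijackThis v2.0.2 layout; all names and paths are invented.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\svchost.exe
C:\Program Files\Example\agent.exe

O4 - HKLM\..\Run: [ExampleAgent] "C:\Program Files\Example\agent.exe" /background
O15 - Trusted Zone: *.example.test
O23 - Service: Example Service - Unknown owner - C:\Program.exe (file missing)

--
End of file - 0 bytes
"""

# Coded entries look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
EXPECTED_SVCHOST = r"c:\windows\system32\svchost.exe"

def parse_log(text):
    """Return (running processes, [(section code, detail), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False          # process list ends at the first coded entry
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review(text):
    """Return (code, detail, reason) notes; prompts for a closer look, not verdicts."""
    processes, entries = parse_log(text)
    notes = []
    for path in processes:
        p = path.lower()
        if p.endswith(r"\svchost.exe") and p != EXPECTED_SVCHOST:
            notes.append(("PROC", path, "svchost.exe outside system32"))
    for code, detail in entries:
        if "(file missing)" in detail:
            notes.append((code, detail, "target file missing"))
        if code == "O15":
            notes.append((code, detail, "site added to IE Trusted Zone"))
    return notes

if __name__ == "__main__":
    for note in review(SAMPLE_LOG):
        print(note)
```
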
     
  9. PerfectTeam

    PerfectTeam Season Ticket Holder Club Member

    2,631
    1,411
    113
    Nov 25, 2007
    Port St. Lucie, FL
    Try running AVG. Did wonders for my computer. Also try ComboFix. Both of those have made my computer run so much better.
     
  10. TokyoFishFan

    TokyoFishFan New Member

    1,294
    578
    0
    Dec 11, 2007
    Tokyo!
    Format, Reload
     
  11. USArmyFinFan

    USArmyFinFan Maximum Effort

    7,581
    4,579
    113
    Mar 23, 2008
    Houston Texas
    If you have the XP disk, do a "Fix" no reinstall, it will set all values back to factory. Back up data just in case though. If error is too serious, XP will reformat and you will be screwed at that point.

    After you do whatever, NEVER AGAIN USE MCAFEE!!!!!!!!!!

    AVG is so much better and free as well.
     
  12. DaFish

    DaFish Well-Known Member

    2,055
    732
    113
    Dec 18, 2007
    Myrtle Beach, SC
    I used to swear by AVG but that has changed. Avira doesn't tax your system resources as much as AVG and it does its job very well.
     
  13. Stringer Bell

    Stringer Bell Post Hard, Post Often Club Member

    44,356
    22,480
    113
    Mar 22, 2008
    pennphinfan, you said you had the same issues after running MalwareBytes and restarting? Try restarting your computer, go into SAFEMODE, then run MalwareBytes. After it finds the affected items and restarts you should be good.

    FYI, nod32 is my personal preference for antivirus software
     
  14. Crappy Tipper

    Crappy Tipper AKA Hero13

    5,865
    2,682
    0
    Aug 23, 2008
    Do you think system restore should be turned off in case it's replicating itself?
     
  15. DaFish

    DaFish Well-Known Member

    2,055
    732
    113
    Dec 18, 2007
    Myrtle Beach, SC

    Nod32 is the best non-free antivirus I have ever used. I run it on my systems and install Avira on systems where the owner wants free protection.
     
  16. pennphinfan

    pennphinfan Stelin Canez Arcade Scorz

    5,820
    2,511
    113
    Dec 13, 2007
    Los Angeles
    I got this all cleared up from a tech support forum. Turns out I had a trojan buried deep on my comp, but it's all good now. For sake of having the thread 'answered', I'll give it to Crappy Tipper for responding first :)
     
    Crappy Tipper likes this.
