svchost.exe Error 0x595c16e2 and 0x595c17c2 please help me

#1 parazite

New Member

Group: Members
Posts: 2
Joined: 15-December 09

Posted 15 December 2009 - 03:19 AM

Hey everyone!

I'm helpdesk for a small company and found in this last 2 month many error in diffrent pc models with windows xp sp3 oem installation
For every pc , I used the same iso built with nlite win xp pro sp2 + sp3 + ich driver + serial + some personalisations
after installation I install Office 2003 complete + Mcafee Virusscan 8.5 entreprise + some other small soft (firefox + cdburnerxp + chrome + daemontool + vlc + ......)
the 2 svchost.exe error apear every where but I think the most place are when outlook2003 are used , the 2 error are :

Quote

svchost.exe- Application Error
The instruction at"0x595c16e2" (or ""0x595c17c2") refferenced memory at (or ""0x595c17c2"). The memory could not be "written".
Click on OK to terminate the program.

when I click OK or cancel , the pc freeze no possibility to open task manager no posibility to reboot or shoot down pc
yesterday I make this step with one pc

1 - I scan the pc with Spybot - Search & Destroy with the last update
I delete 4 cookie infected , I have not a log for this

2 - I use Malwarebytes' Anti-Malware 1.42 to do a system scan : this is the report log

Quote

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3358
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

14/12/2009 17:35:04
mbam-log-2009-12-14 (17-35-04).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 205125
Temps écoulé: 32 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-4040278158-4412668293-423075710-8749\hd1.exe (Worm.Autorun. :thumbsup:

-> Delete on reboot.

2 - Finaly I do a system scan with hijackthis , here is the log

HJT Log removed - not allowed in this forum
If time is a concern it is wise to follow other suggestions

Please help me I'm very blocked in my job cause of this

thank you

This post has been edited by garmanma: 15 December 2009 - 12:43 PM

#2 hamluis

Forum Addict

Group: Moderator
Posts: 31,433
Joined: 03-September 05
Gender:Male
Location:Killeen, TX

Posted 15 December 2009 - 10:59 AM

http://ask-leo.com/how_do_i_fix_the_instru...ot_be_read.html

I don't see anything definitive...but take a look at the posts at http://www.google.com/search?hl=en&q=T...tart=0&sa=N.

Louis

Am I Infected, What Do I Do?
Preparation Guide, Malware Log Topics
Using The Report Button
Misplaced Malware Logs
Discussion Forum Rules

#3 Orange Blossom

OBleepin Investigator

Group: Moderator
Posts: 29,825
Joined: 14-July 06
Gender:Not Telling
Location:Bloomington, IN

Posted 18 December 2009 - 12:04 AM

Hello,

Because you have posted a log here: http://www.bleepingcomputer.com/forums/topic278975.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript