
svchost.exe-Application Error


  • This topic is locked
2 replies to this topic

#1 ziaalizia29


Posted 24 November 2010 - 09:42 PM

Hi,
Whenever I turn on my PC I get this error message.

svchost.exe Application Error
The instruction at ''0x001f1cb5''referenced memory at ''0xf8544959''.The memory could not be ''written''.
Click on OK to terminate the program
Click on CANCEL to debug the program

After getting this error my internet freezes. I can't open any web page until I restart my PC.

I have done a repair manual window update like...

1. Verify Windows Update and BITS Service settings:
a. Click Start->Run, type "services.msc" (without quotation marks) in the open box and click OK.
b. Double click the service "Automatic Updates".
c. Click on the Log On tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
d. Check if this service has been enabled on the listed Hardware Profile. If not, please click the Enable button to enable it.
e. Click on the tab "General "; make sure the "Startup Type" is "Automatic". Then please click the button "Start" under "Service Status" to start the service.........etc...

But I'm still getting the svchost.exe error message.
I have scanned my PC with the following software:

AVG
IObit Security 360
Spybot Search and Destroy
Advanced System Care
RegCure

Please help me, I'll be very grateful to you.
Thanks.

====================================


DDS (Ver_10-11-10.01) - FAT32x86
Run by crystal at 6:11:52.82 on Thu 11/25/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.511.128 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\PROGRAM FILES\HIDE FILES AND FOLDERS\HideFilesAndFoldersA.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\PGWARE\SuperRam\SuperRamService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\VLC media player\VLC\vlc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hide Files and Folders\HFF.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\crystal\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant =
mWinlogon: SfcDisable=-99 (0xffffff9d)
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [yvvwhtva=] c:\documents and settings\crystal\yvvwhtva=.exe
uRun: [wuaucldt] c:\documents and settings\crystal\wuaucldt.exe
uRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
uRun: [yvvwhtva،] c:\documents and settings\crystal\yvvwhtva،.exe
uRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
uRun: [SpeedBitVideoAccelerator] c:\program files\speedbit video accelerator\VideoAccelerator.exe
uRun: [yvvwhtvaK] c:\documents and settings\crystal\yvvwhtvaK.exe
uRun: [yvvwhtvaO] c:\documents and settings\crystal\yvvwhtvaO.exe
uRun: [yvvwhtvah] c:\documents and settings\crystal\yvvwhtvah.exe
uRun: [yvvwhtvaذ] c:\documents and settings\crystal\yvvwhtvaذ.exe
uRun: [yvvwhtva1] c:\documents and settings\crystal\yvvwhtva1.exe
uRun: [yvvwhtvaz] c:\documents and settings\crystal\yvvwhtvaz.exe
uRun: [yvvwhtvaس] c:\documents and settings\crystal\yvvwhtvaس.exe
uRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
uRun: [yvvwhtva-] c:\documents and settings\crystal\yvvwhtva-.exe
uRun: [yvvwhtva;] c:\documents and settings\crystal\yvvwhtva;.exe
uRun: [yvvwhtvap] c:\documents and settings\crystal\yvvwhtvap.exe
uRun: [yvvwhtvag] c:\documents and settings\crystal\yvvwhtvag.exe
uRun: [yvvwhtvad] c:\documents and settings\crystal\yvvwhtvad.exe
uRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
uRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
uRun: [yvvwhtvaع] c:\documents and settings\crystal\yvvwhtvaع.exe
uRun: [yvvwhtvan] c:\documents and settings\crystal\yvvwhtvan.exe
uRun: [yvvwhtva؟] c:\documents and settings\crystal\yvvwhtva؟.exe
uRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
uRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
uRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
uRun: [yvvwhtvaِ] c:\documents and settings\crystal\yvvwhtvaِ.exe
uRun: [yvvwhtvaA] c:\documents and settings\crystal\yvvwhtvaA.exe
uRun: [yvvwhtva9] c:\documents and settings\crystal\yvvwhtva9.exe
uRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
uRun: [yvvwhtva‍] c:\documents and settings\crystal\yvvwhtva‍.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [wuaucldt] c:\windows\system32\wuaucldt.exe
mRun: [smwcore] Mپ
mRun: [yvvwhtva=] c:\windows\system32\yvvwhtva=.exe
mRun: [yvvwhtva] c:\windows\system32\yvvwhtva.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [yvvwhtva] c:\windows\system32\yvvwhtva.exe
mRun: [yvvwhtva،] c:\windows\system32\yvvwhtva،.exe
mRun: [yvvwhtva] c:\windows\system32\yvvwhtva.exe
mRun: [yvvwhtvaK] c:\windows\system32\yvvwhtvaK.exe
mRun: [yvvwhtvaO] c:\windows\system32\yvvwhtvaO.exe
mRun: [yvvwhtvah] c:\windows\system32\yvvwhtvah.exe
mRun: [yvvwhtvaذ] c:\windows\system32\yvvwhtvaذ.exe
mRun: [yvvwhtva1] c:\windows\system32\yvvwhtva1.exe
mRun: [yvvwhtvaگ] c:\windows\system32\yvvwhtvaگ.exe
mRun: [yvvwhtvaz] c:\windows\system32\yvvwhtvaz.exe
mRun: [yvvwhtvaس] c:\windows\system32\yvvwhtvaس.exe
mRun: [yvvwhtva] c:\windows\system32\yvvwhtva.exe
mRun: [yvvwhtva-] c:\windows\system32\yvvwhtva-.exe
mRun: [yvvwhtva;] c:\windows\system32\yvvwhtva;.exe
mRun: [yvvwhtvap] c:\windows\system32\yvvwhtvap.exe
mRun: [yvvwhtvag] c:\windows\system32\yvvwhtvag.exe
mRun: [yvvwhtvad] c:\windows\system32\yvvwhtvad.exe
mRun: [yvvwhtvaع] c:\windows\system32\yvvwhtvaع.exe
mRun: [yvvwhtvan] c:\windows\system32\yvvwhtvan.exe
mRun: [yvvwhtva؟] c:\windows\system32\yvvwhtva؟.exe
mRun: [yvvwhtva] c:\windows\system32\yvvwhtva.exe
mRun: [yvvwhtva] c:\windows\system32\yvvwhtva.exe
mRun: [yvvwhtva] c:\windows\system32\yvvwhtva.exe
mRun: [yvvwhtvaِ] c:\windows\system32\yvvwhtvaِ.exe
mRun: [yvvwhtvaA] c:\windows\system32\yvvwhtvaA.exe
mRun: [yvvwhtva9] c:\windows\system32\yvvwhtva9.exe
mRun: [yvvwhtva] c:\windows\system32\yvvwhtva.exe
mRun: [yvvwhtva‍] c:\windows\system32\yvvwhtva‍.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [wuaucldt] c:\documents and settings\crystal\wuaucldt.exe
dRun: [yvvwhtvaز] c:\documents and settings\crystal\yvvwhtvaز.exe
dRun: [yvvwhtva] c:\documents and settings\crystal\yvvwhtva.exe
dRun: [yvvwhtvaگ] c:\documents and settings\crystal\yvvwhtvaگ.exe
dRun: [yvvwhtvaع] c:\documents and settings\crystal\yvvwhtvaع.exe
dRunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\crystal\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\progra~1\speedb~1\sblsp.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\crystal\applic~1\mozilla\firefox\profiles\2z3hxklr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: c:\documents and settings\crystal\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 FDCENT;FDCENT;c:\windows\system32\FDCENT.SYS [2003-1-20 42752]
R2 HideFilesAndFolders;Hide Files and Folders;c:\program files\hide files and folders\HideFilesAndFoldersA.exe [2003-1-29 101376]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-10-31 312152]
R2 SuperRam;SuperRam Memory Service;c:\program files\pgware\superram\SuperRamService.exe [2010-11-1 1691384]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2010-10-27 26752]

=============== Created Last 30 ================

2010-11-25 01:15:44 35840 ----a-w- c:\windows\system32\yvvwhtva‍.exe
2010-11-25 01:15:44 35840 ----a-w- c:\documents and settings\crystal\yvvwhtva‍.exe
2010-11-25 01:15:42 35840 ----a-w- c:\windows\system32\yvvwhtva.exe
2010-11-25 01:15:42 35840 ----a-w- c:\documents and settings\crystal\yvvwhtva.exe
2010-11-25 01:15:40 35840 ----a-w- c:\windows\system32\yvvwhtva؟.exe
2010-11-25 01:15:39 35840 ----a-w- c:\windows\system32\yvvwhtvaA.exe
2010-11-25 01:15:39 35840 ----a-w- c:\documents and settings\crystal\yvvwhtvaA.exe
2010-11-24 19:33:24 -------- d-sh--w- C:\FOUND.010
2010-11-24 11:05:38 35840 ----a-w- c:\windows\system32\yvvwhtva.exe
2010-11-24 11:05:10 -------- d-sh--w- C:\FOUND.009
2010-11-24 03:26:45 35840 ----a-w- c:\windows\system32\گھپ
2010-11-24 03:10:40 35840 ----a-w- c:\documents and settings\crystal\yvvwhtvaگ.exe
2010-11-24 03:10:38 35840 ----a-w- c:\windows\system32\ٌڑپ
2010-11-24 02:44:41 35328 ----a-w- c:\windows\system32\ءکپ
2010-11-24 02:19:26 35840 ----a-w- c:\windows\system32\ة‍پ
2010-11-24 02:19:21 35328 ----a-w- c:\windows\system32\ة‍پ
2010-11-24 00:48:28 35840 ----a-w- c:\documents and settings\crystal\yvvwhtvaز.exe
2010-11-24 00:48:24 35840 ----a-w- c:\windows\system32\'م}
2010-11-23 21:19:49 35328 ----a-w- c:\windows\system32\;D؛ژ_ّ
2010-11-23 21:19:44 33280 ----a-w- c:\windows\system32\p!پ
2010-11-23 20:16:49 20280 ----a-w- c:\windows\system32\hپ
2010-11-23 08:10:44 -------- d-----w- c:\program files\Raptr
2010-11-23 08:10:44 -------- d-----w- c:\docume~1\crystal\applic~1\Raptr
2010-11-23 08:06:11 -------- d-----w- c:\docume~1\crystal\applic~1\Azureus
2010-11-23 07:48:30 9728 ----a-w- c:\windows\system32\0ز+
2010-11-23 07:36:09 250368 ----a-w- c:\windows\system32\Mپ
2010-11-23 07:27:18 -------- d-sh--w- C:\FOUND.008
2010-11-22 20:14:55 9728 ----a-w- c:\windows\system32\pپ
2010-11-22 04:11:20 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-11-22 04:11:20 -------- d-----w- c:\program files\MagicDisc
2010-11-21 17:11:06 9728 ----a-w- c:\windows\system32\`kپ
2010-11-18 12:36:07 9728 ----a-w- c:\windows\system32\کC'
2010-11-18 03:28:10 2600 ----a-w- c:\windows\system32\hکپ
2010-11-18 03:27:56 33280 ----a-w- c:\windows\system32\`پ
2010-11-18 02:25:45 9728 ----a-w- c:\windows\system32\پ
2010-11-18 02:25:35 33280 ----a-w- c:\windows\system32\گپ
2010-11-18 02:24:30 -------- d-sh--w- C:\FOUND.007
2010-11-17 13:31:59 -------- d-----w- c:\program files\PDFsvg
2010-11-16 23:56:51 33280 ----a-w- c:\windows\system32\'سپ
2010-11-16 23:29:43 9728 ----a-w- c:\windows\system32\ #پ
2010-11-16 18:41:19 9728 ----a-w- c:\windows\system32\Pj‍پ
2010-11-16 18:41:15 33280 ----a-w- c:\windows\system32\0I'
2010-11-16 17:26:12 9728 ----a-w- c:\windows\system32\#‍پ
2010-11-16 15:51:56 9728 ----a-w- c:\windows\system32\ہT'
2010-11-16 15:49:40 -------- d-sh--w- C:\FOUND.006
2010-11-16 02:59:34 -------- d-----w- c:\program files\webgoradio
2010-11-16 02:58:43 9728 ----a-w- c:\windows\system32\طWپ
2010-11-15 19:46:40 250368 ----a-w- c:\windows\system32\ہdپ
2010-11-15 15:29:41 9728 ----a-w- c:\windows\system32\ک((
2010-11-15 15:29:32 250368 ----a-w- c:\windows\system32\ّإپ
2010-11-15 06:26:31 9728 ----a-w- c:\windows\system32\ّ)پ
2010-11-15 06:26:25 250368 ----a-w- c:\windows\system32\ہپ
2010-11-15 05:23:33 6760 ----a-w- c:\windows\system32\پ
2010-11-15 01:14:38 9728 ----a-w- c:\windows\system32\Prپ
2010-11-14 13:14:47 9728 ----a-w- c:\windows\system32\@{پ
2010-11-13 19:51:54 -------- d-sh--w- C:\FOUND.005
2010-11-13 19:13:53 9728 ----a-w- c:\windows\system32\پ
2010-11-13 14:00:28 40448 ----a-w- c:\windows\system32\کپ
2010-11-13 04:38:32 5460 ----a-w- c:\windows\system32\کtةّ
2010-11-13 02:50:04 9728 ----a-w- c:\windows\system32\%
2010-11-13 02:25:44 -------- d-----w- c:\docume~1\crystal\locals~1\applic~1\Opera
2010-11-13 02:17:09 9728 ----a-w- c:\windows\system32\قپ
2010-11-12 22:40:20 9728 ----a-w- c:\windows\system32\8Aپ
2010-11-12 11:13:35 9728 ----a-w- c:\windows\system32\ذھپ
2010-11-12 11:13:25 33280 ----a-w- c:\windows\system32\طشپ
2010-11-12 02:57:31 7020 ----a-w- c:\windows\system32\گ؛Fپ
2010-11-11 22:09:08 250368 ----a-w- c:\windows\system32\ّTپ
2010-11-11 17:58:31 9728 ----a-w- c:\windows\system32\Pپ
2010-11-11 17:48:02 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-11-11 17:30:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-11-11 17:03:21 -------- d-----w- c:\docume~1\crystal\applic~1\ParetoLogic
2010-11-11 17:03:21 -------- d-----w- c:\docume~1\crystal\applic~1\DriverCure
2010-11-11 17:03:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-11-11 16:47:58 9728 ----a-w- c:\windows\system32\بYپ
2010-11-11 16:47:51 33280 ----a-w- c:\windows\system32\گxپ
2010-11-11 16:37:11 -------- d-----w- c:\program files\common files\BitDefender
2010-11-11 13:11:46 33280 ----a-w- c:\windows\system32\X8
2010-11-11 10:26:11 33280 ----a-w- c:\windows\system32\پ
2010-11-11 05:17:37 40448 ----a-w- c:\windows\system32\Tڈپ
2010-11-11 01:30:02 9728 ----a-w- c:\windows\system32\ صپ
2010-11-11 01:29:56 249344 ----a-w- c:\windows\system32\p=ںپ
2010-11-10 21:53:28 33280 ----a-w- c:\windows\system32\p8ضپ
2010-11-10 16:31:10 33280 ----a-w- c:\windows\system32\`أ$
2010-11-10 13:34:27 33280 ----a-w- c:\windows\system32\0ىپ
2010-11-10 06:58:22 40448 ----a-w- c:\windows\system32\Cپ
2010-11-09 13:58:35 40448 ----a-w- c:\windows\system32\ںپ
2010-11-08 23:13:26 249344 ----a-w- c:\windows\system32\iپ
2010-11-08 22:28:15 9728 ----a-w- c:\windows\system32\پHپ
2010-11-08 13:23:53 33280 ----a-w- c:\windows\system32\hpپ
2010-11-08 12:07:25 33280 ----a-w- c:\windows\system32\Zپ
2010-11-08 11:41:39 9728 ----a-w- c:\windows\system32\نQUپ
2010-11-08 11:41:37 33280 ----a-w- c:\windows\system32\ٍّ5پ
2010-11-08 11:19:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Ashampoo
2010-11-07 17:51:38 9728 ----a-w- c:\windows\system32\گ(
2010-11-07 12:36:14 360576 ----a-w- c:\windows\system32\dllcache\TCPIP.SYS
2010-11-07 12:36:12 40448 ----a-w- c:\windows\system32\ّluپ
2010-11-06 12:43:58 9728 ----a-w- c:\windows\system32\طqپ
2010-11-06 12:32:45 9728 ----a-w- c:\windows\system32\@,nپ
2010-11-05 10:36:12 -------- d-sh--w- C:\FOUND.004
2010-11-05 04:29:27 9728 ----a-w- c:\windows\system32\ك‍پ
2010-11-04 19:58:15 9728 ----a-w- c:\windows\system32\ہuپ
2010-11-04 19:10:41 9728 ----a-w- c:\windows\system32\ذرuپ
2010-11-03 20:51:22 9728 ----a-w- c:\windows\system32\`پ
2010-11-02 22:19:06 33280 ----a-w- c:\windows\system32\`ُ(
2010-11-02 17:27:27 -------- d-----w- c:\docume~1\crystal\locals~1\applic~1\Temp
2010-11-02 17:26:31 -------- d-----w- c:\docume~1\crystal\locals~1\applic~1\Google
2010-11-01 22:49:55 -------- d-----w- c:\docume~1\crystal\applic~1\PhotoScape
2010-11-01 22:21:06 9728 ----a-w- c:\windows\system32\xبtپ
2010-11-01 22:21:01 33280 ----a-w- c:\windows\system32\`uvپ
2010-11-01 20:22:00 9728 ----a-w- c:\windows\system32\Pتlپ
2010-11-01 19:51:05 33280 ----a-w- c:\windows\system32\&
2010-11-01 19:50:02 -------- d-sh--w- C:\FOUND.003
2010-11-01 16:19:32 -------- d-----w- c:\program files\PGWARE
2010-11-01 14:50:08 34816 ----a-w- c:\windows\system32\.Columns[2].Caption=Install Time
2010-11-01 14:50:00 9728 ----a-w- c:\windows\system32\Ph(
2010-11-01 14:49:53 33280 ----a-w- c:\windows\system32\xپ
2010-11-01 08:07:37 33280 ----a-w- c:\windows\system32\grپ
2010-10-31 21:17:56 9728 ----a-w- c:\windows\system32\((
2010-10-31 20:54:35 9728 ----a-w- c:\windows\system32\ًٍ(
2010-10-31 20:53:20 -------- d-sh--w- C:\FOUND.002
2010-10-31 18:56:30 33280 ----a-w- c:\windows\system32\ذخپ
2010-10-31 18:34:01 9728 ----a-w- c:\windows\system32\ikپ
2010-10-31 18:33:55 60928 ----a-w- c:\windows\system32\wuaucldt.exe
2010-10-31 17:25:03 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-31 17:25:03 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-10-31 17:24:54 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-10-31 17:24:54 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-10-31 17:24:54 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-10-31 17:24:54 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-10-31 17:24:54 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-31 17:18:43 65552 --sh--w- c:\docume~1\alluse~1\applic~1\GB.bin
2010-10-31 17:18:34 -------- d-----w- c:\windows\Game Turbo Booster
2010-10-31 17:10:59 -------- d-----w- c:\program files\MagicISO
2010-10-31 06:23:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-10-31 01:04:11 9728 ----a-w- c:\windows\system32\ل7
2010-10-30 17:25:57 -------- d-----w- c:\documents and settings\crystal\Plugins
2010-10-30 16:33:18 -------- d-----w- c:\docume~1\crystal\applic~1\IDM
2010-10-30 16:33:18 -------- d-----w- c:\docume~1\crystal\applic~1\DMCache
2010-10-30 16:33:14 -------- d-----w- c:\program files\Internet Download Manager
2010-10-30 15:06:23 9728 ----a-w- c:\windows\system32\گغوپ
2010-10-29 23:08:05 9728 ----a-w- c:\windows\system32\مپ
2010-10-29 19:02:54 34816 ----a-w- c:\windows\system32\9
2010-10-29 15:20:04 -------- d-sh--w- C:\FOUND.001
2010-10-29 08:01:27 -------- d-----w- c:\docume~1\crystal\applic~1\Awem
2010-10-29 08:00:29 -------- d-----w- c:\windows\Letters from Nowhere
2010-10-29 07:58:36 -------- d-----w- c:\docume~1\crystal\applic~1\perfect future studio
2010-10-29 07:47:12 -------- d-sh--w- C:\FOUND.000
2010-10-28 17:40:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-28 16:49:59 -------- d-----w- c:\docume~1\crystal\locals~1\applic~1\Adobe
2010-10-28 16:46:35 -------- d-----w- c:\windows\system32\appmgmt
2010-10-28 16:39:55 -------- d-----w- c:\program files\IObit
2010-10-28 15:05:40 -------- d-----w- c:\windows\system32\NtmsData
2010-10-28 14:56:44 9728 ----a-w- c:\windows\system32\p$#
2010-10-28 14:54:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-28 14:54:50 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-28 13:28:25 249344 ----a-w- c:\windows\system32\8پ
2010-10-28 10:52:53 9728 ----a-w- c:\windows\system32\ہXپ
2010-10-28 09:59:23 -------- d-----w- c:\docume~1\crystal\locals~1\applic~1\Yahoo!
2010-10-28 06:31:29 -------- d-----w- c:\docume~1\crystal\locals~1\applic~1\Yahoo
2010-10-27 19:30:21 9728 ----a-w- c:\windows\system32\گصoپ
2010-10-27 15:08:58 -------- d-----w- c:\program files\uTorrent
2010-10-27 15:08:35 -------- d-----w- c:\docume~1\crystal\applic~1\uTorrent
2010-10-27 14:51:37 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-10-27 14:41:55 -------- d-----w- c:\docume~1\crystal\applic~1\IObit
2010-10-27 14:33:13 -------- d-----w- c:\program files\GRETECH
2010-10-27 14:28:08 -------- d-----w- c:\docume~1\crystal\applic~1\BitZipper
2010-10-27 14:28:05 -------- d-----w- c:\program files\BitZipper
2010-10-27 14:23:24 -------- d-----w- c:\program files\Yahoo!
2010-10-27 14:10:12 -------- d-----w- c:\program files\DAP
2010-10-27 14:10:04 -------- d-----w- c:\docume~1\crystal\applic~1\Toolbar4
2010-10-27 14:10:03 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-10-27 14:10:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SpeedBit
2010-10-27 14:02:22 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2010-10-27 14:02:17 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-10-27 14:02:15 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-10-27 14:02:14 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-10-27 14:02:11 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-10-27 14:02:09 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2010-10-27 14:02:06 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-10-27 14:02:02 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-10-27 14:02:00 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys

==================== Find3M ====================

2010-11-25 01:15:42 35840 ----a-w- c:\windows\system32\yvvwhtva9.exe
2010-11-25 01:15:42 35840 ----a-w- c:\documents and settings\crystal\yvvwhtva9.exe
2010-11-24 02:44:46 35328 ----a-w- c:\windows\system32\ءکپ
2010-11-24 02:19:28 35840 ----a-w- c:\windows\system32\ة‍پ
2010-11-24 02:19:24 35328 ----a-w- c:\windows\system32\ة‍پ
2010-11-23 21:19:48 33280 ----a-w- c:\windows\system32\p!پ
2010-11-23 07:36:14 250368 ----a-w- c:\windows\system32\Mپ
2010-11-22 20:14:58 9728 ----a-w- c:\windows\system32\pپ
2010-11-18 12:36:10 9728 ----a-w- c:\windows\system32\کC'
2010-11-18 03:28:42 2600 ----a-w- c:\windows\system32\hکپ
2010-11-18 03:28:02 33280 ----a-w- c:\windows\system32\`پ
2010-11-16 02:58:44 9728 ----a-w- c:\windows\system32\طWپ
2010-11-15 15:29:44 9728 ----a-w- c:\windows\system32\ک((
2010-11-15 15:29:36 250368 ----a-w- c:\windows\system32\ّإپ
2010-11-15 06:26:30 250368 ----a-w- c:\windows\system32\ہپ
2010-11-13 19:13:56 9728 ----a-w- c:\windows\system32\پ
2010-11-13 14:00:32 40448 ----a-w- c:\windows\system32\کپ
2010-11-13 04:39:26 5460 ----a-w- c:\windows\system32\کtةّ
2010-11-13 02:17:12 9728 ----a-w- c:\windows\system32\قپ
2010-11-11 22:09:12 250368 ----a-w- c:\windows\system32\ّTپ
2010-11-11 16:48:00 9728 ----a-w- c:\windows\system32\بYپ
2010-11-11 05:17:44 40448 ----a-w- c:\windows\system32\Tڈپ
2010-11-09 13:58:48 40448 ----a-w- c:\windows\system32\ںپ
2010-11-08 23:14:06 249344 ----a-w- c:\windows\system32\iپ
2010-11-01 19:51:08 33280 ----a-w- c:\windows\system32\&
2010-11-01 08:07:48 33280 ----a-w- c:\windows\system32\grپ

============= FINISH: 6:12:49.98 ===============



#2 B-boy/StyLe/



  • Malware Response Team

Posted 02 December 2010 - 02:45 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Regards,
Georgi :hello:



#3 thcbytes


  • Malware Response Team

Posted 07 December 2010 - 10:55 AM

Closed due to lack of reply.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



