
windows 7 svchost problem


6 replies to this topic

#1 srummell

srummell

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:26 PM

Posted 27 October 2011 - 10:52 AM

Hi everyone. I've been having a few problems with my computer for the past couple of weeks that have been driving me crazy. I'm running Windows 7 Ultimate.
The problems that I've been experiencing are:
1. One of my svchost.exe processes uses anywhere from 500,000K to 1,500,000K of memory and causes my computer to really slow down.
2. When I start my computer I get three error boxes that say:
There was a problem starting C:\Users\Stan\AppData\Local\Diagnostics\DiagnosticsUpdate\Diagnosticsupdt32.dll
C:\ProgramData\DisplayOnlineTray.dll
C:\Users\Stan\AppData\Local\AppleUpdate\Appleupdt32.dll
The specified module could not be found.
I run McAfee antivirus software but it hasn't found any problems. McAfee also sent me an additional program called 'Stinger' that seems to fix the problem - but only temporarily. I tried turning off my restore points and running Stinger, but that hasn't helped.
I also run SUPERAntiSpyware. It always finds adware cookies as potential threats, but hasn't found any viruses.
I recently downloaded AVG Anti-Spyware 2012, but have had no luck with that either.
I've got MBAM on my pc and have tried running that also.
I periodically shut down my computer and restart it in safe mode and run Stinger and either SUPERAntiSpyware or MBAM, and when I restart my computer it usually works until my next reboot. But each of these runs for over an hour, and it's getting frustrating to have to run these each day.
One web site that I visited suggested that I disable uPnP under my svchost services. I did that but to no avail.
Another site suggested that I open Firefox, key in about:config in the address box and disable a few processes that run there. That didn't work either.
I've seen a lot of replies on here request HijackThis logs - I don't have HijackThis - where can I get it (if somebody asks for it)?
Anyway - any help you guys can provide me would be greatly appreciated.

Edited by hamluis, 27 October 2011 - 04:17 PM.
Moved from Win 7 to Am I Infected.




#2 LouisR47

LouisR47

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Riverside, California
  • Local time:05:26 PM

Posted 27 October 2011 - 01:20 PM

Have you recently uninstalled any programs?
Or installed new programs?

#3 srummell

srummell
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:26 PM

Posted 27 October 2011 - 01:37 PM

I recently uninstalled malwarebytes - but because of the problem I was having, somebody told me to reinstall it.

#4 LouisR47

LouisR47

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Riverside, California
  • Local time:05:26 PM

Posted 27 October 2011 - 02:48 PM

From the research I have done I think you should move this thread to the Malware forum. It could possibly be some sort of rootkit, but I recommend getting some expert advice from the Malware team.

#5 srummell

srummell
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:26 PM

Posted 27 October 2011 - 03:28 PM

What do I need to do to move this to the malware forum? Re-type it there or request to somebody that it be moved?

#6 LouisR47

LouisR47

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Riverside, California
  • Local time:05:26 PM

Posted 27 October 2011 - 03:46 PM

Just sit tight, I sent a report to have this thread moved.

Good luck.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:26 PM

Posted 28 October 2011 - 07:37 PM

Hello and welcome.

There was a problem starting C:\Users\Stan\AppData\Local\Diagnostics\DiagnosticsUpdate\Diagnosticsupdt32.dll
C:\ProgramData\DisplayOnlineTray.dll
C:\Users\Stan\AppData\Local\AppleUpdate\Appleupdt32.dll
The specified module could not be found.

These are broken malware.

It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.
Credit to quietman7


Can you state what Stinger is removing?

I would like to run 3 tools.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

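Added example, not part of any post in this thread: a read-only PowerShell check for the orphaned startup entries described in post #7, listing Run-key values whose target .exe or .dll no longer exists on disk. It assumes the entries live in the standard Run keys (the thread does not say where they are; Autoruns inspects many more locations), and the helper name Get-StartupTarget is hypothetical.

```powershell
# Added example: report Run-key startup entries that point at a missing file.
# Read-only: nothing is deleted or changed. Written to run on PowerShell 2.0 (Windows 7).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the file a launch string actually loads.
function Get-StartupTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Match quoted paths, or unquoted drive-letter paths, ending in .exe or .dll
    $pattern = '"([^"]+\.(?:exe|dll))"|([A-Za-z]:\\[^",]*?\.(?:exe|dll))'
    $hits = @([regex]::Matches($expanded, $pattern, 'IgnoreCase') | ForEach-Object {
        if ($_.Groups[1].Success) { $_.Groups[1].Value } else { $_.Groups[2].Value }
    })
    # In 'rundll32.exe "C:\path\x.dll",Entry' the DLL is what gets loaded,
    # so the last path on the line is the one whose absence causes the error box.
    if ($hits.Count -gt 0) { $hits[-1] }
}

$orphans = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-StartupTarget $command
        # Entries with no absolute path (target is $null) are skipped, not flagged
        if ($target -and -not (Test-Path -LiteralPath $target -PathType Leaf)) {
            New-Object PSObject -Property @{
                Key         = $key
                Name        = $name
                MissingFile = $target
                Command     = $command
            }
        }
    }
}

$orphans | Format-List Key, Name, MissingFile, Command
```

An entry listed here is a candidate for the Autoruns deletion step above; run it from a 64-bit PowerShell session so that System32 paths are not redirected.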



