Solved Errors svchost on Vista

Status
Not open for further replies.
This is all I get when I scan that file:


VirSCAN.org Scanned Report :
Scanned time : 2011/03/27 17:39:30 (CEST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 25088 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0e135526e9785d085bcd9aede6fbcbf9
SHA1 : d15244d41efddbab08d53fe032aedff39091d3af
Online report : http://virscan.org/report/f8b01790746ae6ccfdbf508cbad8baab.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110327010737 2011-03-27 15.50 -
AhnLab V3 2011.03.27.01 2011.03.27 2011-03-27 1.76 -
AntiVir 8.2.4.192 7.11.5.80 2011-03-27 0.27 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
Arcavir 2010 201103240801 2011-03-24 0.00 -
Authentium 5.1.1 201103271446 2011-03-27 1.57 -
AVAST! 4.7.4 110327-0 2011-03-27 0.01 -
AVG 8.5.850 271.1.1/3516 2011-03-19 0.24 -
BitDefender 7.90123.7001104 7.36817 2011-03-27 6.48 -
ClamAV 0.96.5 12911 2011-03-26 0.01 -
Comodo 4.0 8126 2011-03-27 1.30 -
CP Secure 1.3.0.5 2011.03.27 2011-03-27 0.04 -
Dr.Web 5.0.2.3300 2011.03.27 2011-03-27 11.30 -
F-Prot 4.4.4.56 20110326 2011-03-26 1.56 -
F-Secure 7.02.73807 2011.03.27.01 2011-03-27 0.07 -
Fortinet 4.2.254 13.48 2011-03-26 0.33 -
GData 21.2141/21.773 20110327 2011-03-27 10.93 -
ViRobot 20110326 2011.03.26 2011-03-26 0.94 -
Ikarus T3.1.32.20.0 2011.03.27.78032 2011-03-27 4.88 -
JiangMin 13.0.900 2011.03.27 2011-03-27 2.16 -
Kaspersky 5.5.10 2011.03.27 2011-03-27 0.10 -
KingSoft 2009.2.5.15 2011.3.27.9 2011-03-27 1.09 -
McAfee 5400.1158 6297 2011-03-26 9.12 -
Microsoft 1.6702 2011.03.27 2011-03-27 35.72 -
NOD32 3.0.21 5988 2011-03-26 0.32 -
Norman 6.07.03 6.07.00 2011-03-26 16.07 -
Panda 9.05.01 2011.03.27 2011-03-27 2.09 -
Trend Micro 9.200-1012 7.930.07 2011-03-27 0.04 -
Quick Heal 11.00 2011.03.26 2011-03-26 0.96 -
Rising 20.0 23.50.05.05 2011-03-26 2.52 -
Sophos 3.16.1 4.62 2011-03-27 3.06 -
Sunbelt 3.9.2486.2 8831 2011-03-26 0.77 -
Symantec 1.3.0.24 20110326.002 2011-03-26 0.06 -
nProtect 20110326.01 3275801 2011-03-26 15.61 -
The Hacker 6.7.0.1 v00159 2011-03-26 1.26 -
VBA32 3.12.14.3 20110325.1219 2011-03-25 3.68 -
VirusBuster 5.2.0.28 13.6.272.0/48565992011-03-27 0.00 -
 
That's fine! This is one scan that we do not want to find anything!

Please download OTMoveIt by OldTimer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Users\Aldie\Downloads\MsgPlusLive-483.exe 
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OEBD3KY\opa63_info[1].htm 
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZB8YEWFK\lee_[1].php 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================================
Question: There are some similar entries to the string I looked at. Looks like you got Windows Updates on 3/26/2011?
2011-03-26 16:43
c:\windows\system32\ca-ES>> (Computer Architecture for Embedded Systems)
c:\windows\system32\eu-ES>> (European Union> Basque/Spanish)
c:\windows\system32\vi-VN>>> (Vietnamese)
C:\a6c08d8a28d464788021fc4831638b
C:\3b18313747c795b94d352ee3>> This is the directory with the Windows Updates
C:\a7be2023a43f00fb412f9971f2d7b199
C:\474fa51d5b571d3b2f10bf04f8178678
c:\windows\system32\EventProviders

Please take a look at the above and see if you know what they are. If not, I can look at the directory like I did for the updates.

Are you still having the svchost errors?
=========================================
 
Hi, so here's the log from OTMoveIt.


All processes killed
========== FILES ==========
C:\Users\Aldie\Downloads\MsgPlusLive-483.exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OEBD3KY\opa63_info[1].htm moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZB8YEWFK\lee_[1].php moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aldie
->Temp folder emptied: 709314 bytes
->Temporary Internet Files folder emptied: 144168271 bytes
->Java cache emptied: 1120677 bytes
->Google Chrome cache emptied: 163667370 bytes
->Flash cache emptied: 20287 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Youssef
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1185218 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 56590631 bytes
RecycleBin emptied: 131817 bytes

Total Files Cleaned = 351,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 04162011_211614

Files moved on Reboot...

Registry entries deleted on Reboot...
=========================================

As for those entries in your quote, I have no clue what they're about. And I've also stopped receiving any svchost.exe errors lately. The same goes for bluescreens.
 
Since the problems have been resolved, you can remove all of the tools we used and the files and folders they created.
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name > click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 