TechSpot

WinXP svchost and PC sluggish

By jackgreat
Dec 7, 2008
  1. Hello Everyone,

    I am using a pc at home. The pc which I am using is 2 and a half years old. So far I didn't have major problems with my system. Couple of months ago I installed a new hard drive, thus installed windows again and have been using it without issues.

    Before starting I would like to give you information about my pc. Config is -

    -Intel Pentium D 3 GHZ
    -Nvidia Geforce 8500GT (latest display drivers)
    -2 GB RAM
    -Creative Sound card
    -Windows XP Media Center Edition (SP3)
    -LCD monitor and usual stuff...
    -AVG 8 (Free edition)

    I keep my pc upto date with latest windows updates & stuff. Off late I am experiencing problem with my system. Few days ago I had copied some avi files from my system to my friend's hard disk (removable) via usb. I dont know the
    problem is becoz of that or something else.

    Basically when I boot my pc and login into windows I see my process (PF Usage) is high. Usually its around 290MB at startup. But off late it shot upto 1.2 GB and then once to 320MB and so on. Moreover sometimes after boot i saw iexplore.exe in the taskmanager process list. I had not even started IE. I scanned my pc using avast home edition. Successfully removed file "rs32net.exe" and i thought i m okay.

    I am attaching several screenshots. Some indicate AVG giving popups that following files are infected with trojans. One of the files couldnt even be found. Another screen shot indicates svchost.exe using 347 MB of memory.

    I am attaching hijackthis log file. I found following entry weird and fixed it using hickthis fix button.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    More or less the log looks ok but i would like you experts to have a look. I dunno what to do about this entry-

    O20 - Winlogon Notify: gvckhrm - gvckhrm32.dll (file missing).

    Advice and help from you will be appreciated.

    Thank you,

    JG
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, this entry needs to be removed:
    O20 - Winlogon Notify: gvckhrm - gvckhrm32.dll (file missing)
    But let's run the additional program first.

    Malware can disguise itself as almost any process. While it would appear that it may be this instance of svchost.exe, we cannot determine that yet. As you see and probably know, in most cases, svchost.exe is an expected process-although such high memory use would make this one suspect.

    But you also need to run the additional malware cleaning programs here:
    http://www.techspot.com/vb/topic58138.html

    You will rerun HijackThis again after Malwarebytes and SuperAntispyware. Please attach all 3 logs for review when through.

    Since you have the same post and images on Castlecops, if you get help there first, please sign off here-and vice versa.
     
  3. jackgreat

    jackgreat TS Rookie Topic Starter Posts: 20

    trouble ahead

    Thanks for your reply dude. Before I saw it, I had run Malwarebytes' Anti-Malware
    software and also top 3 anti-virus programs also.

    The Anti Malware program did detect a unwanted dll and few registry entries, but after reboot I was back to square 1.

    Moreover inspite of running Norton Antivirus 2009, Trend Micro and Kaspersky my system is still infected. This pissed me off and i decided to format my C drive.

    I had also tried Spybot search & destroy application but after reboot those trojans came back. If i am not connected to internet then my pc is okay. The moment I connect they attack and my PF file usage goes to 1 GB and iexplore is seen in process and so forth.

    I think it will be better if I reinstall windows. What do you say ? :confused:
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I don't have enough information to say anything on this. Unless I see the logs from the programs, what you have, what is getting removed and what is coming back, I can't help you.

    I strongly advise you to follow this:
     
  5. jackgreat

    jackgreat TS Rookie Topic Starter Posts: 20

    I have re-installed windows in my pc. Now everything is working fine. Thanks for your support.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.